JMeter - cookies no clearing on each new test run - cookies

I'm building a test in Jmeter and have hit a seemingly trivial problem, but I cannot find a way to overcome it.
I need to start a new session each time the test runs (I'm building in the GUI). I thought that setting the HTTP cookie manager in the Thread Group with the 'Clear cookies on each iteration' setting checked would clear the cookies on each new run of the test.
It doesn't seem to work however - when running a test for the second time the user session initiated in the previous run is still there.
In fact I am now getting a 494 server error (Cookie too large) because the cookies are accruing in size with each run of the test.
Any ideas on how to clear the cookies with each new run of the test?

As per your comment, issue was related to environment and not JMeter.
Most probably Cookies we stacking up due to some infinite redirection or similar environment problem.
If you face any issue with Cookie Manager, refer to reference documentation.

I doubt this is a JMeter problem, most likely you're receiving an incorrect cookie via Set-Cookie header from the system under test.
You can troubleshoot this issue by enabling extra logging for JMeter's HTTP Cookie manager, this can be done by adding the next line to log4j2.xml file (lives in "bin" folder of your JMeter installation)
<Logger name="org.apache.jmeter.protocol.http.control.CookieManager" level="debug" />
JMeter restart will be required to pick up the changes
Also be aware that you can manually remove all stored cookies in an arbitrary place of your script
Add JSR223 PreProcessor as a child of the HTTP Request sampler
Put the following code into "Script" area:
sampler.getCookieManager().clear()

Related

Jmeter - How to send Cookie with the http request inside in the Header manager (not Cookie manager)

For the purpose of my test, I need to send Cookie within the request like bellow.
If I try to do it with Header manager, cookies are ignored
I cant see them into the Request Headers where I need to see them.
Is there any way, how I can send Cokie into the reqest?
Note: Using Cokie managers is not working for me.
CookieManager.save.cookies=true
CookieManager.check.cookies=false
Are set up into the user.variables.
Using Jmeter 5.4.3
You're looking at wrong place, the cookies are displayed under Request -> Request Body tabs of the View Results Tree listener
So you might want to check your HTTP Cookie Manager setup, it might be the case it's "working". If it doesn't - there might be a problem with the cookies returned by your application, i.e. it's expired, domain mismatch, path mismatch, etc.
In that case you need to raise a bug for your application or change the implementation of the HTTP Cookie Manager to something less restrictive i.e. netscape
You can see what's going on under the hood with the cookies by increasing JMeter logging verbosity for the HTTP Cookie Manager.
Add the next line to log4j2.xml file
<Logger name="org.apache.jmeter.protocol.http.control" level="debug" />
and upon JMeter restart re-run your test and take a look at jmeter.log file, you should see the incoming cookies and whether they're going to be added to the next request or not.

How to manage Cookies are required error page?

I am new to jmeter. I record my script using blazemeter chrome plugin. Now in login I am getting Cookies are required Cookies are disabled on your browser. please enable cookies and refresh this page I have set CookieManager.save.cookies=true but no luck .
As per JMeter project main page:
JMeter is not a browser, it works at protocol level. As far as web-services and remote services are concerned, JMeter looks like a browser (or rather, multiple browsers); however JMeter does not perform all the actions supported by browsers. In particular, JMeter does not execute the Javascript found in HTML pages. Nor does it render the HTML pages as a browser does (it's possible to view the response as HTML etc., but the timings are not included in any samples, and only one sample in one thread is ever displayed at a time).
So if your page is using JavaScript in order to check user cookies there is no way to bypass this message, it means that you can just ignore it.
However if you cannot proceed further it means that JMeter doesn't send necessary Cookie header so make sure to add HTTP Cookie Manager to your test plan.
If you added the HTTP Cookie Manager but still seeing that the real browser sends cookies and JMeter doesn't (or sends partial) most probably it means that your server returns malformed or expired cookies and you need to raise a defect for your application.
And last but not the least, if you have to live with these malformed/broken cookies and still need to log in you can go for the following workarounds:
Change "Implementation" of the HTTP Cookie Manager to something less restrictive, i.e. netscape
Add the next line to user.properties file (lives in "bin" folder of your JMeter installation:
CookieManager.check.cookies=false
Increase JMeter logging verbosity for the HTTP Cookie Manager by adding the next line to log4j2.xml file:
<Logger name="org.apache.jmeter.protocol.http.control" level="debug" />
this way you will be able to figure out what's wrong with the cookies
And last but not the least you can always manually extract cookies from the Set-Cookie response header using i.e. Regular Expression Extractor and again manually add them to the HTTP Cookie Manager or HTTP Header Manager

Delete postman cache

I use Postman extension to check out my RESTful APIs
I am trying to make a request to my "localhost", but it seems to have cached one of the query parameters.
I tried clearing cache of my chrome browser but this does not seem to work. I went to the extent of even changing the API resource name.
Has anyone come across such an issue?
Cache-Control request header can be used but one thing to clarify
no-cache does not mean do not cache. In fact, it means on every HTTP request it "revalidate with server" before using any cached response. If the server says that the resource is still valid then the cache will still use the cached version.
while no-store is effectively asking to not cache at all and is intended not to to store anything in the cache.
I tried the solution above and it didn't work for me. What worked was restart the application. I'm using eclipse and running a spring boot application.
In case someone is using the same environment and facing the same problem it may help.
I suggest to use Postman App rather than the extension because with postman app you can do lot more cool things like you can use the console to debug your APIs, create/delete cookies and cache with excellent GUI.
I came across same situation where the request are cached in Postman. I deleted JSESSIONID cookie from Cookies section on PM rather closing the PM app, it solved my problem (means - the call reached to my localhost app) and got accurate response. Please try it if someone needs this solution.
I usually just request the data on a chrome incognito tab/firefox private tab and I guess that this just resets the cache and then it appears on my Postman app.
(I would recommend using the Postman app instead of the website as it has many more features!)

Thinktecture IdentityModel token rejected

My Durandal SPA app performs BASIC authentication to acquire a session token which it then presents in headers to access Web API controller methods. This works fine.
On successful authentication I cache the access_token in localStorage so I can re-acquire it from local storage to preserve the session in the event of browser closure or refresh. The token is re-acquired but it is rejected by the server with an Unauthorized message.
This question starts by saying that the OP has successfully done what I am trying to do, so it's certainly possible, but the code he shows is a sample of (unsuccessfully) trying to do cookie mapping and I can't divine the nature of my problem from it.
One of the answers to this question says
Fortunately, WIF has a way to mitigate [replay attacks]. By configuring:
<identityConfiguration>
.......
<tokenReplayDetection enabled="true" />
.....
</identityConfiguration>
I do in fact have WIF installed on my development workstation, but I wouldn't know where to start looking for this setting. A search of my HDD found "tokenReplayDetection" in 17 System.IdentityModel related DLLs, but not in any config files.
Does anyone think this is in fact the problem and if so where does it live? Any other thoughts also gratefully received.

Cookie Manager of Apache JMeter doesn't add the cookie to POST request

I build up very simple test plan.
Login: POST, a session cookie is returned.
Get the state: GET, a user state is returned.
Create a resource: POST, JSON body is supplied for the resource.
So my 'Test Plan' looks like:
Test Plan
Thread Group
HTTP Request Defaults
HTTP Cookie Manager
Login (HTTP Request Sampler: POST)
Get State (HTTP Request Sampler: GET)
Create Resource (HTTP Request Sampler: POST)
The cookie generated by 'Login' is added to 'Get State' correctly.
But 'Create Resource' has NO cookie. I changed their order but it doesn't help.
I used the default options firstly and changed some options but it also doesn't help.
Is it a bug of JMeter? or just POST http request is not able to have cookie?
Please give me any advice.
[SOLVED]
I noticed that it is related to the path, not the method.
You'd like to look at the domain of the cookie as well as the path.
I mean, the path and the domain of a cookie could be defined in the server side through Set-Cookie header.
Another solution is to set CookieManager.check.cookies=false in jmeter.properties usually sitting besides the jmeter startup script in bin.
JMeter for some reasons thinks that you can't set the path=/something in a cookie if you are on http:/somesite/somethingelse. That is the path has to match the path your currently on.
I've never seen a browser enforce this limitation if it actually exists. I've seen and written several sites that use this technique to set a secure cookie and then forward someone say to /admin.
I wish this option was at least in the GUI so I didn't have to change the properties file. I think BlazeMeter is smart enough to turn off checking where flood.io is not. If it were up to me I'd just remove the code that checks this entirely. Why make the load tester any harder then it needs to be.
I had this turned on in my Spring Boot server which was causing the issue with CookieManager in jMeter:
server.servlet.session.cookie.secure=true
Removing this made the cookies flow ! Of course this is for localhost. For Production you may need this turned on.