JMeter；会话cookie [英] JMeter; session cookie

问题描述

我看到了几个与我的问题有关的JMeter线程，但是似乎没有一个可以解决我的特定问题.

I've seen several JMeter threads that kind of touch on my issue, but none seem to address my specific problem.

问题是-我正在测试的网站的工作方式如下:

The problem is - the web-site that I am testing, works like this:

1. 具有登录字段和提交按钮的主页.当你第一次 在浏览器中浏览到此页面，使用以下命令设置了PHPSESSID Cookie(在响应标题中出现): 唯一值，以标识会话.
2. 当用户单击登录按钮时(用户名和密码在 此页面与系统的当前状态无关)，网络 服务器通过shibboleth重定向到另一台运行LDAP的服务器. Shibboleth需要PHPSESSID cookie的值才能继续. (以验证用户来自正确的联合服务器).
3. 然后，用户输入其帐户用户名和密码，然后单击 登录按钮.
4. (有效)帐户已登录到LDAP服务器；如果该帐户 在原始(1)服务器上不存在，则shibboleth映射 LDAP字段移至原始服务器上的帐户数据库. 然后，用户登录到原始服务器(1) 新创建的帐户，并重定向到原始页面.

1. A home-page with logon fields, and a submit button. When you first browse to this page in a browser, a PHPSESSID cookie is set (comes down in the Response Header) with a unique Value, to identify the session.
2. When the user clicks on the login button (username and password on this page are irrelevant in the system's current state), the web server redirects to a different server running LDAP, via shibboleth. Shibboleth needs the value of the PHPSESSID cookie, to proceed. (to validate that the user is coming from a correct, federated server).
3. The user then enters their account username and password, and clicks the login button.
4. The (valid) account is logged in to the LDAP server; if the account did not exist on the original (1) server, then shibboleth maps the LDAP fields over to the account database on the original server. Then the user is logged in to the original server (1) to the newly-created account, and redirected to the original page.

还有其他一些SAML数据正在交换-我认为这不会成为问题. . .到目前为止，问题似乎出在此Cookie.

There's some other SAML data that's exchanged - which I don't think is going to be a problem. . . so far, the problem seems to be this cookie.

JMeter跌落的位置，位于步骤2.

Where JMeter is falling down, is in step 2.

• 如果我未设置cookie管理器，则LDAP服务器会说我不设置cookie管理器 启用了cookie. (此错误在响应数据中).
• 如果我设置了HTTP cookie管理器，但未指定PHPSESSID cookie， LDAP服务器说我没有启用cookie. (我将其设置为哪个Cookie策略都没有关系)
• 如果我指定PHPSESSID cookie值-当然，每个用户都需要 具有唯一的值，所以这是错误的. . .所以我设定了 RegExp初始页面的后处理器，以提取PHPSESSID 来自请求标头的值，并将其放入变量中 $ {PHPSession}然后在HTTP Cookie管理器中为 $ {PHPSession}的PHPSESSID cookie. . .并且从字面上看 标头， * *事物将提交"Cookie:PHPSESSID = $ {PHPSession}"

• If I do not set a cookie manager, the LDAP server says that I do not have cookies enabled. (this error is in the response data).
• If I set the HTTP cookie manager, with no PHPSESSID cookie specified, the LDAP server says that I do not have cookies enabled. (it does not matter which Cookie Policy I set it to)
• If I specify the PHPSESSID cookie value - of course, each user needs to have an unique value, so this will be wrong. . . So I set a RegExp post processor for the initial page, to extract the PHPSESSID value from the Request Header, and place it into a variable ${PHPSession} Then I specify a value, in HTTP Cookie Manager, for the PHPSESSID cookie, of ${PHPSession} . . . and LITERALLY, in the header, the ** thing submits a "Cookie: PHPSESSID=${PHPSession}"

那么，我读了这篇. . . https://issues.apache.org/bugzilla/show_bug.cgi?id=28715

So then, I read THIS. . . https://issues.apache.org/bugzilla/show_bug.cgi?id=28715

实际上，(措辞上)说:"... cookie管理器不扩展用户变量..."，然后是"...好吧，我们已修复它……它确实扩展了用户变量..."然后……好吧，不，不是在那个字段中，它不是设计来做那个的."

Which says, in effect, (paraphrased) "...cookie manager doesn't expand user variables..." then "... okay, we fixed it... it does expand user variables..." then "... well, no, not in THAT field, it's not designed to do THAT."

所以...基本上，他们说的是，HTTP Cookie Manager无法管理对每个用户都具有唯一值的会话Cookie. (尽管这是我认为的全部目的).

So... basically, they're saying, HTTP Cookie Manager can not manage session cookies that have an unique value for each user. (even though, this is what I thought it's whole purpose was).

对于每个从第一个响应标题中提取值的用户，我还能如何设置并提交一个唯一的cookie?

How else can I set and submit a unique cookie for each user whose value is extracted from the first Response Header?

推荐答案

这可能是当今对负载测试进行编程最困难的任务.我会说您的问题可能与无法通过服务器正确进行LDAP身份验证有关，即每次都未传递新的Seesion ID.请看在步骤2和以后在脚本中使用LDAP Request采样器以这种方式传递令牌.您可以全力以赴并构建LDAP请求，以真正执行您的应用程序.希望这能为您的问题锦上添花！

This is perhaps the most difficult task of programming a load test these days. I would say your problem could be related to failure to make the LDAP authentication right with the server, i.e. not passing in a new seesion ID each time. Look at using the LDAP Request sampler to pass in the token that way, both at Step 2 and for use later on in the script. You can go all out and build LDAP requests to really exercise your application. Hope this sheds some light on your problem!

这篇关于JMeter；会话cookie的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！