jmeter-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Himanshu Ghai" <himanshug...@gmail.com>
Subject Re: Session ID changes for a POST request
Date Fri, 22 Aug 2008 18:43:52 GMT
Slightly off topic but It doesn't seem to be secure to send an
authentication session
cookie in a url...any thoughts on this?(its okay for tests though)

Himanshu

On Fri, Aug 22, 2008 at 11:09 AM, Fitzpatrick, Adrian
<adrianf@revenue.ie> wrote:
>
> Hi,
>
> It looks to me that you may have recorded the JSESSIONID "92714......." into
> the script when you originally created the script, so thats why its being
> sent with every request. If you can remove this jsession portion of the URL
> from you HTTP sampler, the correct JSESSION which is being included in the
> cookie data should be picked up instead.
>
> Alternatively, if your application and/or app server needs the JSESSION id to
> be in the URL, you may be able to change the URL in the HTTP sampler so that
> it
> looks something like this -
>
> http://localhost:8080/gate.do;jsessionid=${JSESSIONID}?action=index
>
> i.e. its using a variable to fill in the correct value. However im not sure
> if this is the correct syntax to get the value of a cookie as a variable, you
> can look up how to this (am sure its possible) if that doesnt work.
>
> Regards,
>
> - Adrian
>
>
> -----Original Message-----
> From: Chris Hall [mailto:chrishall_ie@yahoo.com]
> Sent: 22 August 2008 14:51
> To: jmeter-user@jakarta.apache.org
> Subject: Session ID changes for a POST request
>
>
> *************************************
>
> This e-mail has been received by the Revenue Internet e-mail service. (IP)
>
> *************************************
>
>
> Hi all,
>  I've been getting problems with Session ID's.
>
>  I've added a HTTP cookie manager, which seems to have resolved most of my
> problems, but I@ve come across an instance where the session ID is not being
> passed correctly to the URL.
>
>  ie
>   GET request #1:
>        GET http://localhost:8080/welcome.do?action=form
>
>        Cookie Data:
>        JSESSIONID=195374BBEEE86BB9633B1CF93B48A03C
>
>        Request Headers:
>        Connection: keep-alive
>
>  but on the next page
>   POST request #1:
>
>   POST
> http://localhost:8080/gate.do;jsessionid=927141B2B85E34E8F586B1FEC7CED71C?act
> ion=index
>
>   POST data:
>   Name=MyName&Password=pass
>
>   Cookie Data:
>   JSESSIONID=195374BBEEE86BB9633B1CF93B48A03C
>
>   Request Headers:
>   Connection: keep-alive
>   Content-Length: 294
>   Content-Type: application/x-www-form-urlencoded
>
> From here, you can see the cookie has the same session ID for both requests,
> except for the post, the url passed is incorrect.
>
>  am i missing something simple here? I'm very new to JMeter it has to be
> said.
>
> Rgds,
> Chris
> --
> View this message in context:
> http://www.nabble.com/Session-ID-changes-for-a-POST-request-tp19107615p191076
> 15.html
> Sent from the JMeter - User mailing list archive at Nabble.com.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: jmeter-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: jmeter-user-help@jakarta.apache.org
>
>
>
> ************************
>
> This message has been delivered to the Internet by the Revenue Internet e-mail service
(OP)
>
> *************************
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: jmeter-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: jmeter-user-help@jakarta.apache.org
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: jmeter-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jmeter-user-help@jakarta.apache.org


Mime
View raw message