jmeter-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From sebb <seb...@gmail.com>
Subject Re: HTTP cookie manager and cross domain cookies
Date Fri, 13 Mar 2009 14:32:39 GMT
On 13/03/2009, Asanov, Leo <Leo.Asanov@sensis.com.au> wrote:
> Thanks!
>  Is there any workaround I can use for the moment? Given that I can't
>  change amtst.sensis.com.au:50080/amserver/UI/Login (step 2) behaviour.
>

If you are willing to try a nightly build, I put a fix into SVN which
is in builds after r753086. This should stop cross-domain cookies from
being stored.

It is also possible to maniulate the cookie jar using a BeanShell
Post-Processor.

// Get the jar of cookies
cm=ctx.getCurrentSampler().getCookieManager();
jar=cm.getCookies();

// Loop through the cookies
iter = jar.iterator();
while (iter.hasNext()) {
    cookie = iter.next().getObjectValue();
    if (".integrators.com".equals(cookie.getDomain())){
         iter.remove();
    }
}

This does not take account of cookies for ".integrators.com" that may
previously have been legitimately added to the jar. You might need to
narrow the match using the cookie name as well.

See the Javadocs for methods you can call on the objects:

http://jakarta.apache.org/jmeter/api/index.html
e.g.
http://jakarta.apache.org/jmeter/api/org/apache/jmeter/protocol/http/control/Cookie.html

>  Cheers,
>  Leo
>
>  -----Original Message-----
>  From: sebb [mailto:sebbaz@gmail.com]
>
> Sent: Friday, 13 March 2009 12:29 PM
>  To: JMeter Users List
>  Subject: Re: HTTP cookie manager and cross domain cookies
>
>  On 12/03/2009, Asanov, Leo <Leo.Asanov@sensis.com.au> wrote:
>  > >What cookies are sent at step 1?
>  >  >What cookies are returned from step 1?
>  >  >What cookies are sent in step 2?
>  >
>  >
>  > This is the behaviour I observe in JMeter
>  >  ___
>  >
>  >  Step 1: GET http://samplesite.integrators.com/Samplesite/login.html
>  >  Cookies: JSESSIONID=blah
>  >
>  >  Step 2: POST to http://amtst.sensis.com.au:50080/amserver/UI/Login
>  >  (no cookies are sent)
>  >
>  >  HTTP/1.1 302 Moved Temporarily
>  >  Location: http://samplesite.integrators.com:80/Samplesite/home.html
>  >
>  >  Set-cookie: amlbcookie=01; Domain=.sensis.com.au; Path=/
>  >  Set-cookie: amlbcookie=01; Domain=.integrators.com; Path=/
>  >  Set-cookie: iPlanetDirectoryPro=blah; Domain=.sensis.com.au; Path=/
>  >  Set-cookie: iPlanetDirectoryPro=blah; Domain=.integrators.com; Path=/
>  >
>  >  Step 3: GET http://samplesite.integrators.com/Samplesite/home.html
>  >  Cookies:
>  >  JSESSIONID=blah; amlbcookie=01; iPlanetDirectoryPro=blah;
>  >
>  >  HTTP/1.1 200 OK
>  >  home.html content
>  >
>  >  (The "iPlanetDirectoryPro" value is identical to the step 2.)
>  >  ___
>  >
>  >  This is what's happening in the browser.
>  >  ___
>  >
>  >  Step 1: GET http://samplesite.integrators.com/Samplesite/login.html
>  >  Cookies: JSESSIONID=blah
>  >
>  >  Step 2: POST http://amtst.sensis.com.au:50080/amserver/UI/Login
>  >  (no cookies are sent)
>  >
>  >  HTTP/1.1 302 Moved Temporarily
>  >  Location: http://samplesite.integrators.com:80/Samplesite/home.html
>  >
>  >  Set-cookie: amlbcookie=01; Domain=.sensis.com.au; Path=/
>  >  Set-cookie: amlbcookie=01; Domain=.integrators.com; Path=/
>  >  Set-cookie: iPlanetDirectoryPro=blah; Domain=.sensis.com.au; Path=/
>  >  Set-cookie: iPlanetDirectoryPro=blah; Domain=.integrators.com; Path=/
>  >
>  >  Step 3: GET http://samplesite.integrators.com/Samplesite/home.html
>  >  Cookies: JSESSIONID=blah
>  >
>  >  HTTP/1.1 302 Found
>  >  And the redirect to cross domain verification mechanism.
>  >
>  >  ___
>  >
>  >  So what's happening is that domain amtst.sensis.com.au is setting the
>  >  "iPlanetDirectoryPro" cookie for domain .integrators.com and that
>  >  doesn't work in the browser and works in JMeter. I wonder if that's
>  >  because the server sends 302 with further redirection to
>  >  .integrators.com at the step 2.
>
>  Thanks, that's a very clear description of what's happening.
>
>  It looks like the code just extracts all the cookies and stores them,
>  regardless of whether they are for the correct domain or not.
>
>  This will be fixed for the next release - thanks for reporting the
>  problem.
>
>  >  Cheers,
>  >  Leo
>  >
>  >
>  >  -----Original Message-----
>  >  From: sebb [mailto:sebbaz@gmail.com]
>  >  Sent: Wednesday, 11 March 2009 11:53 PM
>  >  To: JMeter Users List
>  >  Subject: Re: HTTP cookie manager and cross domain cookies
>  >
>  >  On 11/03/2009, Asanov, Leo <Leo.Asanov@sensis.com.au> wrote:
>  >  >
>  >  >  Hi,
>  >  >
>  >  >  It appears that HTTP cookie manager allows cross domain cookies,
>  >  which
>  >  >  is different to the behaviour of the browsers. I'm writing a test
>  for
>  >  an
>  >  >  application, which is using Identity Management platform with
>  cross
>  >  >  domain single sign on. The chain of event is the following:
>  >  >
>  >  >
>  >  >
>  >  >  111.com - website domain
>  >  >
>  >  >  222.com - identity management domain (different to the first
>  domain)
>  >  >
>  >  >
>  >  >
>  >  >  1.      Login page on 111.com - sends request to 222.com with the
>  >  >  entered user credentials. 222.com sets cookies with authentication
>  >  >  information for both 222.com, and 111.com and redirects back to
>  >  111.com
>  >
>  >  So there is a cookie for 111.com?
>  >
>  >  >  2.      Since it's a different domain, the cookie for 111.com
>  isn't
>  >  set,
>  >  >  so it has to do a couple of redirects to check if the user is
>  >  authorised
>  >  >  to see the page and only then returns the page.
>  >  >
>  >  >
>  >  >
>  >  >  That's how it works in the browser. In JMeter I can clearly see
>  that
>  >  at
>  >  >  the step 2 cookies for domain 111.com are passed through and the
>  >  >  requested page is returned straight away. I tried different
>  "Cookie
>  >  >  policy" settings, didn't help.
>  >  >
>  >  >
>  >  >
>  >  >  I don't think that's how it supposed to work, can anyone comment
>  on
>  >  >  that? I'm using JMeter 2.3.2, "HTTP Request" sampler with "Follow
>  >  >  redirects" and "Redirect automatically" turned off.
>  >  >
>  >
>  >  What cookies are sent at step 1?
>  >  What cookies are returned from step 1?
>  >  What cookies are sent in step 2?
>  >
>  >  You may change the names and values for privacy, but please don't
>  >  leave out any parts of the host name.
>  >
>  >  >
>  >  >  Cheers,
>  >  >
>  >  >  Leo
>  >  >
>  >  >
>  >  >
>  >  >  Sensis. Helping you find, buy and sell.
>  >  >
>  >  >  www.sensis.com.au - www.yellow.com.au - www.whitepages.com.au -
>  >  www.citysearch.com.au - www.whereis.com.au - www.tradingpost.com.au
>  >  >
>  >  >  Sensis cares for the environment - think before you print.
>  >  >
>  >  >  This email and any attachments are intended only for the use of
>  the
>  >  recipient and may be confidential and/or legally privileged. Sensis
>  Pty
>  >  Ltd disclaims liability for any errors, omissions, viruses, loss
>  and/or
>  >  damage arising from using, opening or transmitting this email. If you
>  >  are not the intended recipient you must not use, interfere with,
>  >  disclose, copy or retain this email and you should notify the sender
>  >  immediately by return email or by contacting Sensis Pty Ltd by
>  telephone
>  >  on [+61 3 8653 5000]
>  >
>  >
>  > ---------------------------------------------------------------------
>  >  To unsubscribe, e-mail: jmeter-user-unsubscribe@jakarta.apache.org
>  >  For additional commands, e-mail: jmeter-user-help@jakarta.apache.org
>  >
>  >
>  >  ---------------------------------------------------------------------
>  >  To unsubscribe, e-mail: jmeter-user-unsubscribe@jakarta.apache.org
>  >  For additional commands, e-mail: jmeter-user-help@jakarta.apache.org
>  >
>  >
>
>  ---------------------------------------------------------------------
>  To unsubscribe, e-mail: jmeter-user-unsubscribe@jakarta.apache.org
>  For additional commands, e-mail: jmeter-user-help@jakarta.apache.org
>
>
>  ---------------------------------------------------------------------
>  To unsubscribe, e-mail: jmeter-user-unsubscribe@jakarta.apache.org
>  For additional commands, e-mail: jmeter-user-help@jakarta.apache.org
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: jmeter-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jmeter-user-help@jakarta.apache.org


Mime
View raw message