jmeter-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Asanov, Leo" <Leo.Asa...@sensis.com.au>
Subject HTTP cookie manager and cross domain cookies
Date Wed, 11 Mar 2009 06:38:28 GMT

Hi, 

It appears that HTTP cookie manager allows cross domain cookies, which
is different to the behaviour of the browsers. I'm writing a test for an
application, which is using Identity Management platform with cross
domain single sign on. The chain of event is the following:

 

111.com - website domain

222.com - identity management domain (different to the first domain)

 

1.	Login page on 111.com - sends request to 222.com with the
entered user credentials. 222.com sets cookies with authentication
information for both 222.com, and 111.com and redirects back to 111.com
2.	Since it's a different domain, the cookie for 111.com isn't set,
so it has to do a couple of redirects to check if the user is authorised
to see the page and only then returns the page.

 

That's how it works in the browser. In JMeter I can clearly see that at
the step 2 cookies for domain 111.com are passed through and the
requested page is returned straight away. I tried different  "Cookie
policy" settings, didn't help.

 

I don't think that's how it supposed to work, can anyone comment on
that? I'm using JMeter 2.3.2, "HTTP Request" sampler with "Follow
redirects" and "Redirect automatically" turned off. 

 

Cheers,

Leo



Sensis. Helping you find, buy and sell.

www.sensis.com.au - www.yellow.com.au - www.whitepages.com.au - www.citysearch.com.au - www.whereis.com.au
- www.tradingpost.com.au 

Sensis cares for the environment - think before you print.

This email and any attachments are intended only for the use of the recipient and may be confidential
and/or legally privileged. Sensis Pty Ltd disclaims liability for any errors, omissions, viruses,
loss and/or damage arising from using, opening or transmitting this email. If you are not
the intended recipient you must not use, interfere with, disclose, copy or retain this email
and you should notify the sender immediately by return email or by contacting Sensis Pty Ltd
by telephone on [+61 3 8653 5000]
Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message