jmeter-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Asanov, Leo" <Leo.Asa...@sensis.com.au>
Subject RE: HTTP cookie manager and cross domain cookies
Date Thu, 12 Mar 2009 06:05:58 GMT
>What cookies are sent at step 1?
>What cookies are returned from step 1?
>What cookies are sent in step 2?

This is the behaviour I observe in JMeter
___

Step 1: GET http://samplesite.integrators.com/Samplesite/login.html
Cookies: JSESSIONID=blah

Step 2: POST to http://amtst.sensis.com.au:50080/amserver/UI/Login
(no cookies are sent)

HTTP/1.1 302 Moved Temporarily
Location: http://samplesite.integrators.com:80/Samplesite/home.html

Set-cookie: amlbcookie=01; Domain=.sensis.com.au; Path=/
Set-cookie: amlbcookie=01; Domain=.integrators.com; Path=/
Set-cookie: iPlanetDirectoryPro=blah; Domain=.sensis.com.au; Path=/
Set-cookie: iPlanetDirectoryPro=blah; Domain=.integrators.com; Path=/

Step 3: GET http://samplesite.integrators.com/Samplesite/home.html
Cookies:
JSESSIONID=blah; amlbcookie=01; iPlanetDirectoryPro=blah;

HTTP/1.1 200 OK
home.html content

(The "iPlanetDirectoryPro" value is identical to the step 2.)
___

This is what's happening in the browser.
___

Step 1: GET http://samplesite.integrators.com/Samplesite/login.html
Cookies: JSESSIONID=blah

Step 2: POST http://amtst.sensis.com.au:50080/amserver/UI/Login
(no cookies are sent)

HTTP/1.1 302 Moved Temporarily
Location: http://samplesite.integrators.com:80/Samplesite/home.html

Set-cookie: amlbcookie=01; Domain=.sensis.com.au; Path=/
Set-cookie: amlbcookie=01; Domain=.integrators.com; Path=/
Set-cookie: iPlanetDirectoryPro=blah; Domain=.sensis.com.au; Path=/
Set-cookie: iPlanetDirectoryPro=blah; Domain=.integrators.com; Path=/

Step 3: GET http://samplesite.integrators.com/Samplesite/home.html
Cookies: JSESSIONID=blah

HTTP/1.1 302 Found
And the redirect to cross domain verification mechanism.

___

So what's happening is that domain amtst.sensis.com.au is setting the
"iPlanetDirectoryPro" cookie for domain .integrators.com and that
doesn't work in the browser and works in JMeter. I wonder if that's
because the server sends 302 with further redirection to
.integrators.com at the step 2.

Cheers,
Leo

-----Original Message-----
From: sebb [mailto:sebbaz@gmail.com] 
Sent: Wednesday, 11 March 2009 11:53 PM
To: JMeter Users List
Subject: Re: HTTP cookie manager and cross domain cookies

On 11/03/2009, Asanov, Leo <Leo.Asanov@sensis.com.au> wrote:
>
>  Hi,
>
>  It appears that HTTP cookie manager allows cross domain cookies,
which
>  is different to the behaviour of the browsers. I'm writing a test for
an
>  application, which is using Identity Management platform with cross
>  domain single sign on. The chain of event is the following:
>
>
>
>  111.com - website domain
>
>  222.com - identity management domain (different to the first domain)
>
>
>
>  1.      Login page on 111.com - sends request to 222.com with the
>  entered user credentials. 222.com sets cookies with authentication
>  information for both 222.com, and 111.com and redirects back to
111.com

So there is a cookie for 111.com?

>  2.      Since it's a different domain, the cookie for 111.com isn't
set,
>  so it has to do a couple of redirects to check if the user is
authorised
>  to see the page and only then returns the page.
>
>
>
>  That's how it works in the browser. In JMeter I can clearly see that
at
>  the step 2 cookies for domain 111.com are passed through and the
>  requested page is returned straight away. I tried different  "Cookie
>  policy" settings, didn't help.
>
>
>
>  I don't think that's how it supposed to work, can anyone comment on
>  that? I'm using JMeter 2.3.2, "HTTP Request" sampler with "Follow
>  redirects" and "Redirect automatically" turned off.
>

What cookies are sent at step 1?
What cookies are returned from step 1?
What cookies are sent in step 2?

You may change the names and values for privacy, but please don't
leave out any parts of the host name.

>
>  Cheers,
>
>  Leo
>
>
>
>  Sensis. Helping you find, buy and sell.
>
>  www.sensis.com.au - www.yellow.com.au - www.whitepages.com.au -
www.citysearch.com.au - www.whereis.com.au - www.tradingpost.com.au
>
>  Sensis cares for the environment - think before you print.
>
>  This email and any attachments are intended only for the use of the
recipient and may be confidential and/or legally privileged. Sensis Pty
Ltd disclaims liability for any errors, omissions, viruses, loss and/or
damage arising from using, opening or transmitting this email. If you
are not the intended recipient you must not use, interfere with,
disclose, copy or retain this email and you should notify the sender
immediately by return email or by contacting Sensis Pty Ltd by telephone
on [+61 3 8653 5000]

---------------------------------------------------------------------
To unsubscribe, e-mail: jmeter-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jmeter-user-help@jakarta.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: jmeter-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jmeter-user-help@jakarta.apache.org


Mime
View raw message