Mailing-List: contact jmeter-user-help@jakarta.apache.org; run by ezmlm
Precedence: bulk
Reply-To: "JMeter Users List" <jmeter-user@jakarta.apache.org>
Received-SPF: pass (nike.apache.org: local policy)
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: RE: HTTP cookie manager and cross domain cookies
Date: Fri, 13 Mar 2009 13:28:58 +1100
Message-ID: 
 <EF17441B2B945E48BDB58A352C4942EC0A068BB8@C1-EXG-VS1.corp.org.local>
In-Reply-To: <25aac9fc0903121829v237069fdqfb8c288207ab4098@mail.gmail.com>
Thread-Topic: HTTP cookie manager and cross domain cookies
Thread-Index: Acmje07Z4DJ0H0boSVyyykXYyqpwQQAB8j1w
References: 
 <EF17441B2B945E48BDB58A352C4942EC0A02472F@C1-EXG-VS1.corp.org.local>
 <25aac9fc0903110553k58f7b95ev45f3d77ce79bc7dd@mail.gmail.com>
 <EF17441B2B945E48BDB58A352C4942EC0A068422@C1-EXG-VS1.corp.org.local>
 <25aac9fc0903121829v237069fdqfb8c288207ab4098@mail.gmail.com>
From: "Asanov, Leo" <Leo.Asanov@sensis.com.au>
To: "JMeter Users List" <jmeter-user@jakarta.apache.org>

Thanks!
Is there any workaround I can use for the moment? Given that I can't
change amtst.sensis.com.au:50080/amserver/UI/Login (step 2) behaviour.

Cheers,
Leo=20

-----Original Message-----
From: sebb [mailto:sebbaz@gmail.com]=20
Sent: Friday, 13 March 2009 12:29 PM
To: JMeter Users List
Subject: Re: HTTP cookie manager and cross domain cookies

On 12/03/2009, Asanov, Leo <Leo.Asanov@sensis.com.au> wrote:
> >What cookies are sent at step 1?
>  >What cookies are returned from step 1?
>  >What cookies are sent in step 2?
>
>
> This is the behaviour I observe in JMeter
>  ___
>
>  Step 1: GET http://samplesite.integrators.com/Samplesite/login.html
>  Cookies: JSESSIONID=3Dblah
>
>  Step 2: POST to http://amtst.sensis.com.au:50080/amserver/UI/Login
>  (no cookies are sent)
>
>  HTTP/1.1 302 Moved Temporarily
>  Location: http://samplesite.integrators.com:80/Samplesite/home.html
>
>  Set-cookie: amlbcookie=3D01; Domain=3D.sensis.com.au; Path=3D/
>  Set-cookie: amlbcookie=3D01; Domain=3D.integrators.com; Path=3D/
>  Set-cookie: iPlanetDirectoryPro=3Dblah; Domain=3D.sensis.com.au; =
Path=3D/
>  Set-cookie: iPlanetDirectoryPro=3Dblah; Domain=3D.integrators.com; =
Path=3D/
>
>  Step 3: GET http://samplesite.integrators.com/Samplesite/home.html
>  Cookies:
>  JSESSIONID=3Dblah; amlbcookie=3D01; iPlanetDirectoryPro=3Dblah;
>
>  HTTP/1.1 200 OK
>  home.html content
>
>  (The "iPlanetDirectoryPro" value is identical to the step 2.)
>  ___
>
>  This is what's happening in the browser.
>  ___
>
>  Step 1: GET http://samplesite.integrators.com/Samplesite/login.html
>  Cookies: JSESSIONID=3Dblah
>
>  Step 2: POST http://amtst.sensis.com.au:50080/amserver/UI/Login
>  (no cookies are sent)
>
>  HTTP/1.1 302 Moved Temporarily
>  Location: http://samplesite.integrators.com:80/Samplesite/home.html
>
>  Set-cookie: amlbcookie=3D01; Domain=3D.sensis.com.au; Path=3D/
>  Set-cookie: amlbcookie=3D01; Domain=3D.integrators.com; Path=3D/
>  Set-cookie: iPlanetDirectoryPro=3Dblah; Domain=3D.sensis.com.au; =
Path=3D/
>  Set-cookie: iPlanetDirectoryPro=3Dblah; Domain=3D.integrators.com; =
Path=3D/
>
>  Step 3: GET http://samplesite.integrators.com/Samplesite/home.html
>  Cookies: JSESSIONID=3Dblah
>
>  HTTP/1.1 302 Found
>  And the redirect to cross domain verification mechanism.
>
>  ___
>
>  So what's happening is that domain amtst.sensis.com.au is setting the
>  "iPlanetDirectoryPro" cookie for domain .integrators.com and that
>  doesn't work in the browser and works in JMeter. I wonder if that's
>  because the server sends 302 with further redirection to
>  .integrators.com at the step 2.

Thanks, that's a very clear description of what's happening.

It looks like the code just extracts all the cookies and stores them,
regardless of whether they are for the correct domain or not.

This will be fixed for the next release - thanks for reporting the
problem.

>  Cheers,
>  Leo
>
>
>  -----Original Message-----
>  From: sebb [mailto:sebbaz@gmail.com]
>  Sent: Wednesday, 11 March 2009 11:53 PM
>  To: JMeter Users List
>  Subject: Re: HTTP cookie manager and cross domain cookies
>
>  On 11/03/2009, Asanov, Leo <Leo.Asanov@sensis.com.au> wrote:
>  >
>  >  Hi,
>  >
>  >  It appears that HTTP cookie manager allows cross domain cookies,
>  which
>  >  is different to the behaviour of the browsers. I'm writing a test
for
>  an
>  >  application, which is using Identity Management platform with
cross
>  >  domain single sign on. The chain of event is the following:
>  >
>  >
>  >
>  >  111.com - website domain
>  >
>  >  222.com - identity management domain (different to the first
domain)
>  >
>  >
>  >
>  >  1.      Login page on 111.com - sends request to 222.com with the
>  >  entered user credentials. 222.com sets cookies with authentication
>  >  information for both 222.com, and 111.com and redirects back to
>  111.com
>
>  So there is a cookie for 111.com?
>
>  >  2.      Since it's a different domain, the cookie for 111.com
isn't
>  set,
>  >  so it has to do a couple of redirects to check if the user is
>  authorised
>  >  to see the page and only then returns the page.
>  >
>  >
>  >
>  >  That's how it works in the browser. In JMeter I can clearly see
that
>  at
>  >  the step 2 cookies for domain 111.com are passed through and the
>  >  requested page is returned straight away. I tried different
"Cookie
>  >  policy" settings, didn't help.
>  >
>  >
>  >
>  >  I don't think that's how it supposed to work, can anyone comment
on
>  >  that? I'm using JMeter 2.3.2, "HTTP Request" sampler with "Follow
>  >  redirects" and "Redirect automatically" turned off.
>  >
>
>  What cookies are sent at step 1?
>  What cookies are returned from step 1?
>  What cookies are sent in step 2?
>
>  You may change the names and values for privacy, but please don't
>  leave out any parts of the host name.
>
>  >
>  >  Cheers,
>  >
>  >  Leo
>  >
>  >
>  >
>  >  Sensis. Helping you find, buy and sell.
>  >
>  >  www.sensis.com.au - www.yellow.com.au - www.whitepages.com.au -
>  www.citysearch.com.au - www.whereis.com.au - www.tradingpost.com.au
>  >
>  >  Sensis cares for the environment - think before you print.
>  >
>  >  This email and any attachments are intended only for the use of
the
>  recipient and may be confidential and/or legally privileged. Sensis
Pty
>  Ltd disclaims liability for any errors, omissions, viruses, loss
and/or
>  damage arising from using, opening or transmitting this email. If you
>  are not the intended recipient you must not use, interfere with,
>  disclose, copy or retain this email and you should notify the sender
>  immediately by return email or by contacting Sensis Pty Ltd by
telephone
>  on [+61 3 8653 5000]
>
>
> ---------------------------------------------------------------------
>  To unsubscribe, e-mail: jmeter-user-unsubscribe@jakarta.apache.org
>  For additional commands, e-mail: jmeter-user-help@jakarta.apache.org
>
>
>  ---------------------------------------------------------------------
>  To unsubscribe, e-mail: jmeter-user-unsubscribe@jakarta.apache.org
>  For additional commands, e-mail: jmeter-user-help@jakarta.apache.org
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: jmeter-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jmeter-user-help@jakarta.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: jmeter-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jmeter-user-help@jakarta.apache.org