jmeter-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From nmq <nmq0...@gmail.com>
Subject Re: CSRF
Date Wed, 19 Jun 2013 15:19:28 GMT
Yes, it changes.


On Wed, Jun 19, 2013 at 11:02 AM, Madhu Sekhar <madhuvchandana@gmail.com>wrote:

> Does the below value in the script change for every session/login?
>
> 'f3e8822f-3b26-
> 48fd-b1ff-6c80742fe28f
>
> Thanks,
> Madhu
>
>
> On Wed, Jun 19, 2013 at 8:22 PM, nmq <nmq0607@gmail.com> wrote:
>
> > Hi All
> >
> > I've run into an issue. Our development team made some changes yesterday
> > and today I'm getting an error "Error 401--Unauthorized" response for an
> > HTTP request.
> >
> > I examined the responses in Fiddler and I noticed this in the head tag.
> >
> > <script type="text/javascript">
> > $.setCSRFNonce('f3e8822f-3b26-48fd-b1ff-6c80742fe28f');
> > </script>
> >
> >  I did some research on what CSRF is and found all kind of info on
> Django.
> > Also found a blog saying cookie manager should be able to handle this
> > authentication, by combining two elements.... by setting the save.cookie
> > property in jmeter to true and to reference the CSRF token in an HTTP
> > request.
> >
> > I've tried this solution and it doesn't seem to work. I'm still getting
> the
> > error.
> >
> > I've also been reading django documentation and trying to make sense of
> it
> > all. I would appreciate it if someone can help out and explain in simple
> > terms (I'm not a programmer) exactly how do I go about solving this
> issue.
> >
> > Any guidance would be highly appreciated.
> >
> > Thank you
> > Sam
> >
>
>
>
> --
> madhu kk
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message