JMeter: Session fails (401) after login


Rahul Pandey

Dec 22, 2016, 7:27:38 AM, to JMeter Forum
Hello All,

I am trying to Login > Inbox (fetch inbox) > Log Out using JMeter.

Inbox (Fetch Inbox) fails with a 401 session expired message. Refer to the attached screenshot.

Please guide me on how to resolve the issue. Refer to the screenshot for more details.
2016-12-22 17_41_48-practice.jmx (C__Users_rahul.pandey_Desktop_practice.jmx) - Apache JMeter (2.13 .png

HOANG MINH Hien

Dec 22, 2016, 7:41:52 AM, to JMeter Forum
Hi,

According to response code 401, it means that you are not able to log in successfully to your website.

Please check the response data of your login request in order to confirm it.

Personally, I would say that when you launch the homepage URL, it will generate a cookie or a hidden key (token) which will be used in the login request.

Regards.

Rahul Pandey

Dec 23, 2016, 4:19:24 AM, to JMeter Forum
I have placed the Home page request; now the 'Fetch Inbox' request is failing with the error '401 Response message: Unauthorized Access (XSRF).'

Refer to the attached screenshots.

Please guide.
2016-12-22 17_41_48-practice.jmx (C__Users_rahul.pandey_Desktop_practice.jmx) - Apache JMeter (2.13 .png
2016-12-23 14_43_32-practice.jmx (C__Users_rahul.pandey_Desktop_practice.jmx) - Apache JMeter (2.13 .png

HOANG MINH Hien

Dec 25, 2016, 1:53:24 AM, to JMeter Forum
Hi,

I would recommend that you check the response data of Inbox against what is retrieved when you log in successfully to your application.

Personally, Unauthorized Access (XSRF) means that the token which is stored at the server and the one sent to the client side are not the same.

DT

Dec 25, 2016, 9:59:39 PM, to JMeter Forum
Missing or incorrect correlation. You need to pass a dynamic token (it might be a part of the request body, an HTTP header, a cookie, etc.) which you need to get from the first request, i.e.:

  • Login
    • Extract CSRF Token
  • Fetch Inbox (pass token value from the "Login" request)

See the "How to Load Test CSRF-Protected Web Sites" article for more details.

P.S. If your target is testing an email server (not its web interface), you might want to use Mail Reader Sampler instead of the HTTP Requests.
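
The correlation described in the reply above, as an added example that is not part of the original thread or of JMeter: a constructed local mock application that returns 401 "Unauthorized Access (XSRF)" when only the session cookie is replayed and 200 when the token extracted from the login response is sent back. The paths, the cookie names `SID` and `XSRF-TOKEN`, and the header name `X-XSRF-TOKEN` are assumptions; the real application's names must be read from its login response.

```python
# Added example. Constructed mock: paths, cookie names and header name are assumptions.
import http.server, secrets, threading, urllib.error, urllib.request
from http.cookies import SimpleCookie
TOKENS = {}  # session id -> XSRF token the server expects back

class MockApp(http.server.BaseHTTPRequestHandler):
    def log_message(self, *args): pass  # silence per-request logging
    def _reply(self, code, body, headers=()):
        self.send_response(code)
        for name, value in headers:
            self.send_header(name, value)
        self.end_headers()
        self.wfile.write(body.encode())
    def do_POST(self):  # login: issue a session cookie and a fresh token
        self.rfile.read(int(self.headers.get("Content-Length", 0)))
        sid, token = secrets.token_hex(8), secrets.token_hex(16)
        TOKENS[sid] = token
        self._reply(200, "ok", [("Set-Cookie", f"SID={sid}"),
                                ("Set-Cookie", f"XSRF-TOKEN={token}")])
    def do_GET(self):  # inbox: the session cookie alone is not enough
        sid = SimpleCookie(self.headers.get("Cookie", "")).get("SID")
        expected = TOKENS.get(sid.value) if sid else None
        sent = self.headers.get("X-XSRF-TOKEN", "")
        if expected and secrets.compare_digest(expected, sent):
            self._reply(200, "inbox")
        else:
            self._reply(401, "Unauthorized Access (XSRF)")

def run_flow(correlate):
    """Log in, then fetch the inbox; return the inbox HTTP status."""
    server = http.server.HTTPServer(("127.0.0.1", 0), MockApp)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base = f"http://127.0.0.1:{server.server_port}"
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    try:
        login = opener.open(urllib.request.Request(base + "/login", data=b"user=demo"))
        jar = SimpleCookie()
        for header in login.headers.get_all("Set-Cookie"):
            jar.load(header)
        headers = {"Cookie": f"SID={jar['SID'].value}"}
        if correlate:  # the extraction step the failing test plan lacks
            headers["X-XSRF-TOKEN"] = jar["XSRF-TOKEN"].value
        try:
            return opener.open(urllib.request.Request(base + "/inbox", headers=headers)).status
        except urllib.error.HTTPError as err:
            return err.code
    finally:
        server.shutdown(); server.server_close()

if __name__ == "__main__": print(run_flow(False), run_flow(True))  # 401 200
```

In a JMeter test plan the same two steps are a post-processor (for example a Regular Expression Extractor) on the Login sampler that stores the token in a variable, and a reference to that variable in the Fetch Inbox request.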