Cookie Behaviour

Gatling (Open-Source)
1

Hello,

I’m having some trouble with using cookies, and I’m hoping someone here can confirm my understanding of how Gatling handles them.

Using Chrome, I have generated a large HAR file that contains the following behavioir:

  • A log in to the web app with a POST. The captured response header contains a Set-Cookie containing a security token used for future requests.

  • This token appears as a cookie for all future requests to be authorised,

I’ve used the Recorder to convert the HAR into a test, and looking in the test there are no references to cookies being set. This is fine as looking at the Gatling documentation cookies are handles transparently. So far so good.

However, when I run the test, the calls that require the token comes back with 401 and 403 response codes.

I’ve tried adding the following to my test to see whether the cookie value is present…

.exec(session => {
val allCookies = session(“gatling.http.cookies”)
println("---- Cookies : " + allCookies)
session
})

…,but no cookie is present.

Can anyone give me some pointers as to what I’m doing wrong? The Set-Cookie response header should just work, right?

Cheers,

Jason Rainbird

2

Hi,

Which version of Gatling do you use?

Could you provide a sample of the Set-Cookie header, the url that serves it and the url you expect to get the Cookie header, please?

Cheers,

Stéphane

3

I’m on: Gatling 2.0.0-RC4

From the HAR then…

In the initial Log in POST request, here’s a snippet of the response…

“response”: {
“status”: 302,
“statusText”: “Found”,
“httpVersion”: “HTTP/1.1”,
“headers”: [
{
“name”: “Date”,
“value”: “Fri, 12 Sep 2014 14:29:51 GMT”
},
{
“name”: “X-AspNetMvc-Version”,
“value”: “3.0”
},
{
“name”: “Server”,
“value”: “Microsoft-IIS/7.5”
},
{
“name”: “X-AspNet-Version”,
“value”: “4.0.30319”
},
{
“name”: “X-Powered-By”,
“value”: “ASP.NET
},
{
“name”: “Content-Type”,
“value”: “text/html; charset=utf-8”
},
{
“name”: “Location”,
“value”: “/”
},
{
“name”: “Cache-Control”,
“value”: “private”
},
{
“name”: “Set-Cookie”,
“value”: “AuthKey=JJRo-CkKx5aZsVo9DkXRhGnghba_I9ai8Enmy306olOVeVp4qlvtBIfMN6AuiyRWpZ3PlO-4tEyGrD0moSrd7g; path=/”
},
{
“name”: “Content-Length”,
“value”: “118”
}
],
“cookies”: [
{
“name”: “AuthKey”,
“value”: “JJRo-CkKx5aZsVo9DkXRhGnghba_I9ai8Enmy306olOVeVp4qlvtBIfMN6AuiyRWpZ3PlO-4tEyGrD0moSrd7g”,
“path”: “/”,
“expires”: null,
“httpOnly”: false,
“secure”: false
}
]

…where AuthKey is the cookie I’m interested in.

Still in the HAR file, here’s a future call where this is used:

{
“startedDateTime”: “2014-09-12T14:29:52.196Z”,
“time”: 1773.4999656677246,
“request”: {
“method”: “GET”,
“url”: “OUR URL HERE REMOVED FROM THIS EXAMPLE”,
“httpVersion”: “HTTP/1.1”,
“headers”: [
{
“name”: “Accept-Encoding”,
“value”: “gzip,deflate,sdch”
},
{
“name”: “Host”,
“value”: “10.186.60.100:85”
},
{
“name”: “Accept-Language”,
“value”: “en-GB,en-US;q=0.8,en;q=0.6”
},
{
“name”: “User-Agent”,
“value”: “Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.120 Safari/537.36”
},
{
“name”: “Accept”,
“value”: “text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8”
},
{
“name”: “Referer”,
“value”: “REDACTED URL AS THIS IS AN EXAMPLE”
},
{
“name”: “Cookie”,
“value”: “ASP.NET_SessionId=ikwcdl5igx11rsbzxaxxitwt; .ASPXAUTH=B2480671121B9B2D19D5978B99468138E6895C19B65C267175FADAA9761FE0B1744C58FC4A098866C274170A506CD9BAEA9B44B9F8A94268525E8788FE883CA4AC0B0C60126ECE7D18FC4E4F0F6E8DD38297AE3BD1090F968A9478105AB876DD; __utma=58869677.1896549843.1410524728.1410527132.1410528232.3; __utmb=58869677.14.9.1410532077718; __utmc=58869677; __utmz=58869677.1410524728.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); AuthKey=JJRo-CkKx5aZsVo9DkXRhGnghba_I9ai8Enmy306olOVeVp4qlvtBIfMN6AuiyRWpZ3PlO-4tEyGrD0moSrd7g”
},
{
“name”: “Connection”,
“value”: “keep-alive”
},
{
“name”: “Cache-Control”,
“value”: “max-age=0”
}
],
“queryString”: [],
“cookies”: [
{
“name”: “ASP.NET_SessionId”,
“value”: “ikwcdl5igx11rsbzxaxxitwt”,
“expires”: null,
“httpOnly”: false,
“secure”: false
},
{
“name”: “.ASPXAUTH”,
“value”: “B2480671121B9B2D19D5978B99468138E6895C19B65C267175FADAA9761FE0B1744C58FC4A098866C274170A506CD9BAEA9B44B9F8A94268525E8788FE883CA4AC0B0C60126ECE7D18FC4E4F0F6E8DD38297AE3BD1090F968A9478105AB876DD”,
“expires”: null,
“httpOnly”: false,
“secure”: false
},
{
“name”: “__utma”,
“value”: “58869677.1896549843.1410524728.1410527132.1410528232.3”,
“expires”: null,
“httpOnly”: false,
“secure”: false
},
{
“name”: “__utmb”,
“value”: “58869677.14.9.1410532077718”,
“expires”: null,
“httpOnly”: false,
“secure”: false
},
{
“name”: “__utmc”,
“value”: “58869677”,
“expires”: null,
“httpOnly”: false,
“secure”: false
},
{
“name”: “__utmz”,
“value”: “58869677.1410524728.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)”,
“expires”: null,
“httpOnly”: false,
“secure”: false
},
{
“name”: “AuthKey”,
“value”: “JJRo-CkKx5aZsVo9DkXRhGnghba_I9ai8Enmy306olOVeVp4qlvtBIfMN6AuiyRWpZ3PlO-4tEyGrD0moSrd7g”,
“expires”: null,
“httpOnly”: false,
“secure”: false
}
],
“headersSize”: 991,
“bodySize”: 0
},
“response”: {
“status”: 200,
“statusText”: “OK”,
“httpVersion”: “HTTP/1.1”,
…blah blah blah

In the test, the log in form POST looks something like this…

.exec(http(“request_23”)
.post("""/Account/LogOn/Url/Defined/Here""")
.headers(headers_23)

.pause(1)

…and I would have expected any future calls in this session to use any and all cookie data returned from this call.

Is that right?

4

Actually, there’s a chance that your problem doesn’t have anything to do with cookies.
You might hit this: https://github.com/gatling/gatling/issues/2188

Could you try this snapshot, please: https://oss.sonatype.org/content/repositories/snapshots/io/gatling/highcharts/gatling-charts-highcharts/2.0.0-SNAPSHOT/gatling-charts-highcharts-2.0.0-20140915.133627-60-bundle.zip

We’re about to release RC5, so it would be great :slight_smile:

5

Disappointingly, I get the same issue.

I’ve recreated the test using the snapshot version of the Recorder and rerun the test with the snapshot version of Gatling.

6

I can’t reproduce so far.
This issue has probably something to do with the urls you didn’t provide. Could you just change the domain name, and yet provide the path and the query, please?

7

Certainly. We’re testing on a local server.

The first HAR snippet contained nothing clever. It looks like this…

“request”: {
“method”: “GET”,
“url”: “http://10.186.60.100:85/”,
“httpVersion”: “HTTP/1.1”,
“headers”: [

The referer snippet looks like this…

{
“name”: “Accept”,
“value”: “text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8”
},
{
“name”: “Referer”,
“value”: “http://10.186.60.100:85/Account/LogOn?ReturnUrl=%2F
},
{

The test logon form looks like this…

val headers_23 = Map(
“”“Accept”"" → “”“text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8"”",
“”“Accept-Encoding”"" → “”“gzip,deflate”"",
“”“Cache-Control”"" → “”“max-age=0"”",
“”“Origin”"" → “”“http://10.186.60.100:85"”")

.exec(http(“request_23”)
.post("""/Account/LogOn?ReturnUrl=%2F""")
.headers(headers_23)
.formParam(""“Login”"", “”“UserNameValue”"")
.formParam(""“Password”"", “”“PasswordValue”"")
.pause(20)

Is that what you were asking for?

8

Could you turn logging to TRACE in conf/logback.xml and provide the logs, please?
You can DM if you want.

9

I’ve attempted to respond directly. Google groups returned an error, so I’ll try again with individual attachments.

10

Try slandelle@gatling.io