Hi @Salmacis,
Welcome aboard!
Your issue lie in the fact that both request manipulating the sesState attribute are at the same level of resources.
That mean they should be handled in parallel.
My question is: why did you put them in resources?
My understanding for your scenario is (for one virtual user):
- get the home page (
request_0) - get the authorization (
1-authorization-someUrl) and save thesesState - use that
sesStateto perform other things (2-authorization-someUrl)
So, there are different steps.
private ScenarioBuilder scn = scenario("SomeScenario")
.exec(
http("request_0")
.get(SomeUri + "/")
.headers(someHeaders_0))
.exec(
http("1-authorization-someUrl")
.get("/oauth2/authorization/someUri?")
.headers(someHeaders_1)
.disableFollowRedirect()
.check(
headerRegex("location", statePattern.toString()).saveAs("sesState"),
headerRegex("location", noncePattern.toString()).saveAs("sesNonce"),
status().is(302))
).exec(
http("2-authorization-someUrl") //this is actually an automatically generated redirect
.get("someRedirectedUrl/&state=#{sesState}&nonce=#{sesNonce}")
.headers(someHeaders_1)
.disableFollowRedirect()
.check(
headerRegex("Location", acr_sigPattern.toString()).saveAs("sesAcrSig"),
status().is(302))
);
WDYT?
Cheers!