I have recorded a basic Apache JMeter scenario with an HTML login form which uses CSRF tokens.
A sample token recorded by the application looks as follows:
<input id="csrf_token" name="csrf_token" type="hidden" value="IjU5NzBhMmI3ODNjZGVjMGUwYmI2YTU4ZjRkMTk0MjI0MTg3OTJlNDAi.C8ecSA.PkvdB0aM2M0rfhSLcb_ktyeInfs">
Using an Apache JMeter Post Processor (REGEX), I am extracting the value with the following expression:
input id="csrf_token" name="csrf_token" type="hidden" value="(.+?)"
The result is a success and the value is assigned to the CSRF_VALUE variable.
In the next step I am sending the token with the login information to the website; the POST data looks as follows:
username=username&password=password&csrf_token=IjU5NzBhMmI3ODNjZGVjMGUwYmI2YTU4ZjRkMTk0MjI0MTg3OTJlNDAi.C8ecSA.PkvdB0aM2M0rfhSLcb_ktyeInfs&submit=Zaloguj+si%C4%99
However, the website returns an error that the CSRF tokens do not match. The only thing changed between the recorded scenario and the modified one is the extraction and placing of the CSRF token in the follow-up request. Every time I replay this scenario I check the results, and they show that CSRF token received == CSRF token sent. But login fails with the same error: CSRF tokens do not match.
So far I can't work out what is wrong; it is a very simple scenario and yet there is a problem. I am using Apache JMeter 3.1.