JMeter authorization with CSRF Token fails (401 error)

0
votes

I'm fairly new to JMeter so I've got stuck on the most obvious scenario - log in.

I've recorded the scenario via jmeter, and there were 3 send parameters on log in: username, password and CSRF-Token, so I have next scenario:

  • Load login page (GET) + Regular expression extractor (receiving CSRF token from cookies)
  • POST username, password and csrf-token received in the previous step

But still I receive a 'CSRF token is missing' in logs despite that it's sent in parameters. Seems like I send not enough cookies, but I simply don't know how to send more :D

And the second problem: I receive set of tokens divided with ':' and on actual log in, it takes one of the tokens from the list. How can I do the same? Currently, I'm taking only the 1st CSRF token from the set.

1
cookiesjmeterauthorizationcsrf

1 Answers

0
votes

Here are a couple of things to try: With cookies, make sure you have an HTTP Cookie Manager set globally in your Test Plan. If you need to put that value in your post, then you can reference it with a cookie prefix ${COOKIE_cookieName} where cookieName is the name of your cookie. BUT, for this to work, you need to have this property in the properties file set: CookieManager.save.cookies=true

Also, make sure that you specify in your post whether the variable with your cookie value needs to be encoded or not. I'm not sure if JMeter stores the cookies URL encoded or not.

However, if the cookie is not a required parameter, the HTTP Cookie Manager will pass any needed cookies automatically.