I have a web app. To work it usestwo server:
Application server (based on Delphi datasnap) SERV_A
WebServer apache SERV_W
These are the user steps:
STEP1 Login
The user call index page from SERV_W, write user and password and call a procedure by HTTP POST to SERV_A. SERV_A respond by a session_id passed by a Cookie (response header has Set-Cookie: sessionid=123456)
STEP2 Get url list
The user call another SERV_A procedure by HTTP GET to retrieve a list of url
For example an url is: http://host_serv_a:port/datasnap/rest/TServerMethods1/getPDF/003
STEP3 Click on a link
The user sees a list of link and click on one of those.
Automatically the browser do an HTTP GET to retrieve the resource to SERV_A.
Ok, this is my problem:
On STEP3 SERV_A want the sessionId, passed in a cookie but the browser never send the cookie. Why? My browser (Chrome) don't have limitation to manage cookie.
I have found a solution here https://divshot.com/blog/static-apps/cookies-and-cors/ (Web Standards Are Awesome)
To manage cookies correctly server and client have to agree:
Client: set withCredentials option to true in the ajax call
Server: set Access-Control-Allow-Credentials: true header in the response
Related
I am new to RESTful services testing and got stuck where to establish connection to end point I need to pass Cookie. I have the parameter and Value but not sure how to pass Cookie manually (not through header or Groovy script) while hitting request.
TL;DR
Cookies are nothing but a header with a name cookie and header-value in a format name=value; anothername=anothervalue; yetanotherone=yetanothervalue;, as far as an http-request is concerned
Read On
From https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cookie
The Cookie HTTP request header contains stored HTTP cookies previously
sent by the server with the Set-Cookie header.
The Cookie header is optional and may be omitted if, for example, the
browser's privacy settings block cookies.
How to send Cookie
Just like any other header. Only condition is, Header name should be cookie and Header-value should be in name=value; anothername=anothervalue; yetanotherone=yetanothervalue; format.
Curl
curl -v --cookie "USER_TOKEN=my-most-secure-session-id" http://localhost:8080/
If you want your curl to read the cookie file and send it
use curl -c /path/to/cookiefile http://yourhost/
More here : https://curl.haxx.se/docs/http-cookies.html
How to send it using SoapUI
Sending cookie as request header in SOAP UI request for rest web service
Establish User session (Login) using chrome or firefox and goto the developer tab and copy the cookie value and send that along with your soapUI request as a header. (Congrats, you are hijacking your own session)
For any test that you need to pass the cookie around, in soapUI, go to the testcase options and turn on "maintain HTTP session".
http://www.soapui.org/soapui-projects/form-based-authentication.html
This is my google chrome developer tab which shows stackoverflow page's requestheaders
Just send the http header
Cookie: name=value
To the server
I am attempting to Login to my app with JMeter Script.
I have Cookie Manager and a Cache Manager added
My Thread Group script
GET on main login page (/app) to return session id and form fields
and cookie
POST of completed form fields with cookie (/posthandler) with "follow redirects
What happens is
POST sends initial cookie (from GET) and form fields and logs in ok
the session is established (I see a record in our app database)
the response is a redirect with a new cookie
JMeter redirects (GET) to the session url (/app?session=xxxxx)
this goes with "[no cookies]" (according to request panel)
As that request arrives without the new cookies - the app issues a second redirect back to the login page.
So is there a way to force the GET Redirect after the POST response to send the cookie?
My theory is that JMeter is that, because of the different URI path for the POST and redirect GET, JMeter is not sending the cookie.
I have tried
various Cookie Manager settings (standard, default, compatibility).
followed this Understanding and Using JMeter Cookie Manager and set check.cookies=false.
and advice SO - JMeter: Login flow involving URL redirection not working including making sure there was an init
My problem was self-inflicted !
I was running against a different environment than usual which had a different context root e.g. /test/app rather than /app. For this I amended my ${Domain} User parameter with "my.domain.com/test" rather than adjust all the Path settings.
For requests sent this approach appeared to work as the ${Domain}+${Path} resolved to the correct URL - but the Cookies created by the server were for ${Path} (as in /test/app) and JMeter was seeing this differently (as in /app).
I have now introduced a ${CtxRoot} User variable (set to /test/) and prepended this to all my Path values - and my Login is now working.
Requirement : Our application needs to support same user opening our web application as separated session.
The problem is not how to use cookies in angular 2, but how can sever get cookie from HTTPServletRequest object when angular 2 application makes a rest call to server.
Implementation: Server side restful application has one filter to set user's browser session in cookie and then in HttpServletResponse. Angular client is making one call upon application bootstrap, which is going through server filter to set user's browser session in cookie.
Problem statement: angular client is making first rest call which goes through server filter to set the browser session cookie. When i open chrome developer tool, i do see that rest api response has "set-cookie" which has cookie set by server, but when i open the application tag in developer tool, i do not see any cookie set.
After that if I make any other rest call through angular application, it does not send the cookie in either request or request headers. Now, our application rest api depends on this cookie value to be present in HttpServletRequest and now it is failing.
Can someone please guide me here? I must have done something wrong on angular 2 application side, which i am not able to catch.
I have tried passing "withCredentials =true", but no change.
Another thing I noticed, if i make "GET" request, then i do see cookie in request header, but for "POST" request, I do not see anything for cookie.
Please advice.
server side code to set cookie
String uniqueId = RandomStringUtils.randomAlphanumeric(32);
Cookie userSessionCookie = new Cookie("userSessionId", uniqueId);
if (getDefaultDomain() != null) {
userSessionCookie.setDomain(getDefaultDomain());
}
httpServletResponse.addCookie(userSessionCookie); httpServletResponse.addHeader("Access-Control-Allow-Credentials", "true"); httpServletResponse.addHeader("access-control-allow-methods", "GET, POST, PUT, PATCH, DELETE, OPTIONS");
httpServletResponse.addHeader("Access-Control-Allow-Headers", "Content-Type, token,withCredentials");
angular 2 post request which expects server to get cookie from HttpServletRequest
renderFF() {
//prepare renderFInput object
var fcRenderInput = {};
let headers = new Headers({ 'Content-Type': 'application/json' });
let options = new RequestOptions({ headers: headers, withCredentials: true
});
this._http.post('/api/v1/render/feature/fc',fcRenderInput,options)
.subscribe((res) => {
console.log(res.json());
});
}
Just a suggestion if this is about only one browser and multiple tabs, in this case you can use the local storage while setting some flag in it. Also when you try to open the same application in the new tab. you check if the flag is there and user is trying to open the same web application in some other tab of the same browser. You also need to delete the local storage you had set after some point.
I hope if you can get some trick to solve this issue :)
I am trying to record a simple login and logout flow for a .Net application. After I submit the login credentials the welcome page's URL has a large alpha numeric number. This number is required to continue to the next steps.
On Fiddler I have noticed that the login credential submission request results in a 302 response and this response contain an a=129characterstring that i need in my subsequent requests.
On JMeter I have added a recording controller and on the HTTP(S) Test Script Recorder I have Follow Redirects and Use KeepAlive checked (See below screenshot)
I have also recorded with Follow Redirects unchecked and different options for Grouping and HTTP Sampler Settings.
But with none of them I am able to record/capture the 302 response that i see on fiddler. Instead the login credential submission request always returns a 200 response, even if the login fails.
It is not as if that JMeter is not recording redirect requests, further down the scenario flow I have another redirect request which is captured.
I can't be the only one who is/has faced this problem. Does anyone have any suggestions on what I should be doing differently to get the 302 response?
To do this:
Record with default options, the redirect Http Request triggered by 302 will be disabled by default.
Then you will need after this to uncheck "Follow Redirect" in the first one, and add a Regular Expression Post Processor to extract the data you want.
Then enable the commented second request and inject the extracted variable.
I have a Web Application in which I authorize using ACS. I want to execute a specific page using Fiddler, however I need the "FedAuth1" cookie set so the page doesn't get bounced back to authentication.
Example:
Cookie: FedAuth1 = xyz
Url to execute:
https://www.someapp.com/myapplication/order/list/
Result (because of lack of cookie):
https://www.someapp.com/myapplication/Authentication/SignIn
Can/How do I set this cookie in Fiddler before executing the request?
Your example looks exactly right, you can use the Cookie: HTTP header when making your request. So your Fiddler request window would look like this:
In case you want to test the API/url which have authentication enabled ,please try following , i am showing for MVC web API on IIS server. usually there are more than 1 cookie responsible for authorization ,so you may need to send more than 1 cookie in header as follows :
User-Agent: Fiddler
Host: localhost:51000
content-Type: application/json
Cookie : .ASPXAUTH=xxxxx;ASP.NET_SessionId=yyyy;__RequestVerificationToken=zzzz