Posted to user@jmeter.apache.org by "Asanov, Leo" <Le...@sensis.com.au> on 2009/03/11 07:38:28 UTC

HTTP cookie manager and cross domain cookies

Hi, 

It appears that HTTP cookie manager allows cross domain cookies, which
is different to the behaviour of the browsers. I'm writing a test for an
application, which is using an Identity Management platform with cross
domain single sign on. The chain of events is the following:

 

111.com - website domain

222.com - identity management domain (different to the first domain)

 

1.	Login page on 111.com - sends request to 222.com with the
entered user credentials. 222.com sets cookies with authentication
information for both 222.com, and 111.com and redirects back to 111.com
2.	Since it's a different domain, the cookie for 111.com isn't set,
so it has to do a couple of redirects to check if the user is authorised
to see the page and only then returns the page.

 

That's how it works in the browser. In JMeter I can clearly see that at
the step 2 cookies for domain 111.com are passed through and the
requested page is returned straight away. I tried different  "Cookie
policy" settings, didn't help.

 

I don't think that's how it's supposed to work, can anyone comment on
that? I'm using JMeter 2.3.2, "HTTP Request" sampler with "Follow
redirects" and "Redirect automatically" turned off. 

 

Cheers,

Leo




Re: HTTP cookie manager and cross domain cookies

Posted by sebb <se...@gmail.com>.
On 13/03/2009, Asanov, Leo <Le...@sensis.com.au> wrote:
> Thanks!
>  Is there any workaround I can use for the moment? Given that I can't
>  change amtst.sensis.com.au:50080/amserver/UI/Login (step 2) behaviour.
>

If you are willing to try a nightly build, I put a fix into SVN which
is in builds after r753086. This should stop cross-domain cookies from
being stored.

It is also possible to manipulate the cookie jar using a BeanShell
Post-Processor.

// Get the jar of cookies
cm=ctx.getCurrentSampler().getCookieManager();
jar=cm.getCookies();

// Loop through the cookies
iter = jar.iterator();
while (iter.hasNext()) {
    cookie = iter.next().getObjectValue();
    if (".integrators.com".equals(cookie.getDomain())) {
        iter.remove();
    }
}

This does not take account of cookies for ".integrators.com" that may
previously have been legitimately added to the jar. You might need to
narrow the match using the cookie name as well.

See the Javadocs for methods you can call on the objects:

http://jakarta.apache.org/jmeter/api/index.html
e.g.
http://jakarta.apache.org/jmeter/api/org/apache/jmeter/protocol/http/control/Cookie.html


---------------------------------------------------------------------
To unsubscribe, e-mail: jmeter-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jmeter-user-help@jakarta.apache.org
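
The domain check discussed in this thread, as an added example (it is not part of the original messages and is not JMeter's code): it replays the step 2 Set-cookie headers reported by the poster through a cookie jar that stores everything and through one that applies the RFC 6265 domain-match rule before storing. Function names are illustrative; the public-suffix check that browsers also apply is left out.

```python
# Added example, not JMeter code: models the cookie-storage check discussed in
# this thread using the RFC 6265 domain-match rule.
import ipaddress
from urllib.parse import urlsplit

# Step 2 response as reported in the thread (values are the poster's placeholders).
STEP2_URL = "http://amtst.sensis.com.au:50080/amserver/UI/Login"
STEP2_SET_COOKIE = [
    "amlbcookie=01; Domain=.sensis.com.au; Path=/",
    "amlbcookie=01; Domain=.integrators.com; Path=/",
    "iPlanetDirectoryPro=blah; Domain=.sensis.com.au; Path=/",
    "iPlanetDirectoryPro=blah; Domain=.integrators.com; Path=/",
]
STEP3_URL = "http://samplesite.integrators.com/Samplesite/home.html"


def parse_set_cookie(header):
    """Return (name, value, domain_attr) from one Set-Cookie header value."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    domain = ""
    for attr in parts[1:]:
        key, _, val = attr.partition("=")
        if key.strip().lower() == "domain":
            # RFC 6265 5.2.3: lower-case and drop one leading dot.
            domain = val.strip().lower()
            if domain.startswith("."):
                domain = domain[1:]
    return name.strip(), value.strip(), domain


def _is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def domain_match(host, cookie_domain):
    """RFC 6265 5.1.3: identical, or host is a subdomain of cookie_domain."""
    host = host.lower()
    if host == cookie_domain:
        return True
    # Suffix matching never applies to IP-address hosts.
    return host.endswith("." + cookie_domain) and not _is_ip(host)


def store(jar, response_url, headers, check_domain):
    """Add cookies to jar; return the (name, domain) pairs that were rejected."""
    host = urlsplit(response_url).hostname
    rejected = []
    for header in headers:
        name, value, domain = parse_set_cookie(header)
        host_only = domain == ""
        if host_only:
            domain = host  # no Domain attribute: bind to the responding host
        elif check_domain and not domain_match(host, domain):
            # The responding host is not inside the requested domain.
            rejected.append((name, domain))
            continue
        jar[(name, domain)] = (value, host_only)
    return rejected


def cookies_for(jar, request_url):
    """Names of the cookies the jar would send with a request to request_url."""
    host = urlsplit(request_url).hostname
    names = []
    for (name, domain), (_value, host_only) in jar.items():
        if host_only:
            matches = host == domain
        else:
            matches = domain_match(host, domain)
        if matches:
            names.append(name)
    return names


def replay(check_domain):
    """Replay steps 2 and 3 of the thread; return (rejected, sent_at_step_3)."""
    # Step 1 left a host-only session cookie for the site.
    jar = {("JSESSIONID", "samplesite.integrators.com"): ("blah", True)}
    rejected = store(jar, STEP2_URL, STEP2_SET_COOKIE, check_domain)
    return rejected, cookies_for(jar, STEP3_URL)


if __name__ == "__main__":
    for check in (False, True):
        rejected, sent = replay(check)
        print("check_domain=%s rejected=%s sent=%s" % (check, rejected, sent))
```

With the check off, step 3 carries all three cookie names, as in the JMeter trace; with it on, only JSESSIONID is sent, as in the browser trace.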


RE: HTTP cookie manager and cross domain cookies

Posted by "Asanov, Leo" <Le...@sensis.com.au>.
Thanks!
Is there any workaround I can use for the moment? Given that I can't
change amtst.sensis.com.au:50080/amserver/UI/Login (step 2) behaviour.

Cheers,
Leo 



Re: HTTP cookie manager and cross domain cookies

Posted by sebb <se...@gmail.com>.
On 12/03/2009, Asanov, Leo <Le...@sensis.com.au> wrote:
> >What cookies are sent at step 1?
>  >What cookies are returned from step 1?
>  >What cookies are sent in step 2?
>
>
> This is the behaviour I observe in JMeter
>  ___
>
>  Step 1: GET http://samplesite.integrators.com/Samplesite/login.html
>  Cookies: JSESSIONID=blah
>
>  Step 2: POST to http://amtst.sensis.com.au:50080/amserver/UI/Login
>  (no cookies are sent)
>
>  HTTP/1.1 302 Moved Temporarily
>  Location: http://samplesite.integrators.com:80/Samplesite/home.html
>
>  Set-cookie: amlbcookie=01; Domain=.sensis.com.au; Path=/
>  Set-cookie: amlbcookie=01; Domain=.integrators.com; Path=/
>  Set-cookie: iPlanetDirectoryPro=blah; Domain=.sensis.com.au; Path=/
>  Set-cookie: iPlanetDirectoryPro=blah; Domain=.integrators.com; Path=/
>
>  Step 3: GET http://samplesite.integrators.com/Samplesite/home.html
>  Cookies:
>  JSESSIONID=blah; amlbcookie=01; iPlanetDirectoryPro=blah;
>
>  HTTP/1.1 200 OK
>  home.html content
>
>  (The "iPlanetDirectoryPro" value is identical to the step 2.)
>  ___
>
>  This is what's happening in the browser.
>  ___
>
>  Step 1: GET http://samplesite.integrators.com/Samplesite/login.html
>  Cookies: JSESSIONID=blah
>
>  Step 2: POST http://amtst.sensis.com.au:50080/amserver/UI/Login
>  (no cookies are sent)
>
>  HTTP/1.1 302 Moved Temporarily
>  Location: http://samplesite.integrators.com:80/Samplesite/home.html
>
>  Set-cookie: amlbcookie=01; Domain=.sensis.com.au; Path=/
>  Set-cookie: amlbcookie=01; Domain=.integrators.com; Path=/
>  Set-cookie: iPlanetDirectoryPro=blah; Domain=.sensis.com.au; Path=/
>  Set-cookie: iPlanetDirectoryPro=blah; Domain=.integrators.com; Path=/
>
>  Step 3: GET http://samplesite.integrators.com/Samplesite/home.html
>  Cookies: JSESSIONID=blah
>
>  HTTP/1.1 302 Found
>  And the redirect to cross domain verification mechanism.
>
>  ___
>
>  So what's happening is that domain amtst.sensis.com.au is setting the
>  "iPlanetDirectoryPro" cookie for domain .integrators.com and that
>  doesn't work in the browser and works in JMeter. I wonder if that's
>  because the server sends 302 with further redirection to
>  .integrators.com at the step 2.

Thanks, that's a very clear description of what's happening.

It looks like the code just extracts all the cookies and stores them,
regardless of whether they are for the correct domain or not.

This will be fixed for the next release - thanks for reporting the problem.



RE: HTTP cookie manager and cross domain cookies

Posted by "Asanov, Leo" <Le...@sensis.com.au>.
>What cookies are sent at step 1?
>What cookies are returned from step 1?
>What cookies are sent in step 2?

This is the behaviour I observe in JMeter
___

Step 1: GET http://samplesite.integrators.com/Samplesite/login.html
Cookies: JSESSIONID=blah

Step 2: POST to http://amtst.sensis.com.au:50080/amserver/UI/Login
(no cookies are sent)

HTTP/1.1 302 Moved Temporarily
Location: http://samplesite.integrators.com:80/Samplesite/home.html

Set-cookie: amlbcookie=01; Domain=.sensis.com.au; Path=/
Set-cookie: amlbcookie=01; Domain=.integrators.com; Path=/
Set-cookie: iPlanetDirectoryPro=blah; Domain=.sensis.com.au; Path=/
Set-cookie: iPlanetDirectoryPro=blah; Domain=.integrators.com; Path=/

Step 3: GET http://samplesite.integrators.com/Samplesite/home.html
Cookies:
JSESSIONID=blah; amlbcookie=01; iPlanetDirectoryPro=blah;

HTTP/1.1 200 OK
home.html content

(The "iPlanetDirectoryPro" value is identical to the step 2.)
___

This is what's happening in the browser.
___

Step 1: GET http://samplesite.integrators.com/Samplesite/login.html
Cookies: JSESSIONID=blah

Step 2: POST http://amtst.sensis.com.au:50080/amserver/UI/Login
(no cookies are sent)

HTTP/1.1 302 Moved Temporarily
Location: http://samplesite.integrators.com:80/Samplesite/home.html

Set-cookie: amlbcookie=01; Domain=.sensis.com.au; Path=/
Set-cookie: amlbcookie=01; Domain=.integrators.com; Path=/
Set-cookie: iPlanetDirectoryPro=blah; Domain=.sensis.com.au; Path=/
Set-cookie: iPlanetDirectoryPro=blah; Domain=.integrators.com; Path=/

Step 3: GET http://samplesite.integrators.com/Samplesite/home.html
Cookies: JSESSIONID=blah

HTTP/1.1 302 Found
And the redirect to cross domain verification mechanism.

___

So what's happening is that domain amtst.sensis.com.au is setting the
"iPlanetDirectoryPro" cookie for domain .integrators.com and that
doesn't work in the browser and works in JMeter. I wonder if that's
because the server sends 302 with further redirection to
.integrators.com at the step 2.

Cheers,
Leo



Re: HTTP cookie manager and cross domain cookies

Posted by sebb <se...@gmail.com>.
On 11/03/2009, Asanov, Leo <Le...@sensis.com.au> wrote:
>
>  Hi,
>
>  It appears that HTTP cookie manager allows cross domain cookies, which
>  is different to the behaviour of the browsers. I'm writing a test for an
>  application, which is using an Identity Management platform with cross
>  domain single sign on. The chain of events is the following:
>
>
>
>  111.com - website domain
>
>  222.com - identity management domain (different to the first domain)
>
>
>
>  1.      Login page on 111.com - sends request to 222.com with the
>  entered user credentials. 222.com sets cookies with authentication
>  information for both 222.com, and 111.com and redirects back to 111.com

So there is a cookie for 111.com?

>  2.      Since it's a different domain, the cookie for 111.com isn't set,
>  so it has to do a couple of redirects to check if the user is authorised
>  to see the page and only then returns the page.
>
>
>
>  That's how it works in the browser. In JMeter I can clearly see that at
>  the step 2 cookies for domain 111.com are passed through and the
>  requested page is returned straight away. I tried different  "Cookie
>  policy" settings, didn't help.
>
>
>
>  I don't think that's how it's supposed to work, can anyone comment on
>  that? I'm using JMeter 2.3.2, "HTTP Request" sampler with "Follow
>  redirects" and "Redirect automatically" turned off.
>

What cookies are sent at step 1?
What cookies are returned from step 1?
What cookies are sent in step 2?

You may change the names and values for privacy, but please don't
leave out any parts of the host name.
