Posted to user@jmeter.apache.org by "Ateles (Apache)" <at...@gmail.com> on 2015/04/12 19:37:39 UTC

sending “secure” cookies over insecure connections

Hi,

I have a rather special issue with https and session cookies.
In the JMeter test plan I use http (without SSL) even though the server
uses https. I use stunnel4 as external TLS/SSL enabler. I'm doing this
for two reasons:
a) JMeter has certificate checking disabled and accepts any invalid
certificate. But I need this security.
b) Enabling https in the JMeter sampler causes high CPU load and
results in low performance. I guess the reason lies in the crypto
library implementation of the openjdk-re. However, using stunnel gives
a significant performance boost.

But the web server is setting a session cookie with the “secure” flag
set, forbidding the cookie to be sent over an insecure connection.
Since the JMeter test plan uses http only, the cookie doesn't get sent
on subsequent requests and the rest of the test fails.
Is there any way, e.g. by a bean shell script, to remove the “secure”
flag from cookies and convince the cookie manager to send the cookies
over insecure connections? Any other ideas how to solve this problem?

Best regards,
    @

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
For additional commands, e-mail: user-help@jmeter.apache.org


Re: sending “secure” cookies over insecure connections

Posted by Deepak Shetty <sh...@gmail.com>.
> Is there any way, e.g. by a bean shell script, to remove the “secure”
> flag from cookies and convince the cookie manager to send the cookies
> over insecure connections? Any other ideas how to solve this problem?

You could do it with BeanShell PreProcessors - basically read the value of
the old cookie and then set it into the CookieManager as a new cookie over
http.

Snippet to add a new cookie ... you'll have to go through the javadocs to see
how to read the secure cookie.

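import org.apache.jmeter.protocol.http.control.CookieManager;
import org.apache.jmeter.protocol.http.control.Cookie;
.....
    // Arguments: name, value, domain, path, secure (false so it is sent over http), expires
    Cookie cookie = new Cookie("JSESSIONID", vars.get("jsessionid"), "localhost", "/", false, -1);
    // The sampler's CookieManager holds the cookies sent with its requests
    CookieManager manager = sampler.getCookieManager();
    manager.add(cookie);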


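One way to handle the "read the secure cookie" step that the reply leaves to the javadocs, as an added example that is not part of the original thread: a BeanShell PreProcessor that clears the secure flag on cookies already held by the CookieManager, and only when the sampler targets a loopback address (the local stunnel listener). The cookie name JSESSIONID comes from the reply's snippet; the loopback guard, the name allowlist, and the premise that the manager has stored the cookie are assumptions of this example.

```java
// BeanShell PreProcessor (added example). Assumes the HTTP sampler points at
// the local stunnel listener and the CookieManager already stored the cookie.
import java.net.InetAddress;
import org.apache.jmeter.protocol.http.control.Cookie;
import org.apache.jmeter.protocol.http.control.CookieManager;

// Cookie names allowed to lose the flag; JSESSIONID is from the snippet above.
String[] allowed = new String[] { "JSESSIONID" };

boolean isAllowed(String name, String[] names) {
    for (int i = 0; i < names.length; i++) {
        if (names[i].equals(name)) return true;
    }
    return false;
}

CookieManager manager = sampler.getCookieManager();
String host = sampler.getDomain();

// Guard: only touch cookies when the plaintext hop ends on this machine.
boolean loopback = host != null && host.length() > 0
        && InetAddress.getByName(host).isLoopbackAddress();

if (manager == null) {
    log.warn("No HTTP Cookie Manager in scope for " + sampler.getName());
} else if (!loopback) {
    log.warn("Target " + host + " is not loopback; secure flags left untouched");
} else {
    for (int i = 0; i < manager.getCookieCount(); i++) {
        Cookie c = manager.get(i);
        if (c.getSecure() && isAllowed(c.getName(), allowed)) {
            c.setSecure(false);   // cookie now matches plain-http requests
            log.info("Cleared secure flag on " + c.getName() + " for " + c.getDomain());
        }
    }
}
```

Attach it as a child of the samplers that run after the request which sets the cookie.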