I'd probably check http only CSRF cookies. https://en.wikipedia.org/wiki/HTTP_c...ttpOnly_cookie
Originally Posted by sssuchy1995
These are generally use to prevent cross site attacks by creating a shared secret that is not interpreted by the browser.
I think I know what's wrong. For some reason you're using /bank/main.aspx in "Path" input, and looking into Firebug you should be sending request to /bank/login.aspx endpoint.
- You change Path to /bank/login.aspx
- You have HTTP Cookie Manager added to Test Plan and enabled.
- Request to strona do logowania is executed before po zalogowaniu
Screen Shot 2016-07-20 at 13.13.32.jpg
In general it might be easier to record test "skeleton" instead of manually building the requests in order to avoid issues like your one. See Apache JMeter Proxy Step by Step guide for detailed instructions.
Also you can try out a 3rd-party cloud-based recording service, using it you don't need to worry about proxies, SSL certificates, browser configuration, etc. Moreover, it has "SmartJMX" mode - automatic correlation of any dynamic parameters so you won't have to struggle with regular expressions, etc. See How to Cut Your JMeter Scripting Time by 80% article for details.
Thankjs a lot.
To record this session I used JMeter recorder as you can see ther is Recording Controller. That is why I am surprised that changing path to /bank/login.aspx as you advised solved this problem. Despite using JMeter Recorder it doesn't remember entered login or password, it must be typed manually. This is big flaw. Unless there is an option to make JMeter remerber that. If so give me a sign.
are you sure that the site isn't using another form of authentication, such as CSRF or BASIC ?
have you tried using Firefox Developer Tools (F12 > Network tab) to manually build your HTTP Request for Login ?
the HTTP(S) Recorder isn't perfect but i wouldn't call it flawed