JMeter playback of recording for logging on to websites never actually logs on to a website

Question

I use JMeter for API testing usually, and need now to use it for web app load testing (which I haven't done before), for which I need to log on to the app, verify I'm seeing the app entry page, and then log out.

However, whether I script the steps or I record on the browser (Firefox via proxy), the POST always returns the html document of the logon page with my usr/pwd values in it, meaning it did nothing apparently.

I already added a timer even (constant timer) but it only causes every single action to pause, and the POST doesn't seem to pause to receive the response which arrives immediately.

Let me show:

        <HTTPSamplerProxy guiclass="HttpTestSampleGui" testclass="HTTPSamplerProxy" testname="POST LOGON CREDENTIALS" enabled="true">
        <elementProp name="HTTPsampler.Arguments" elementType="Arguments" guiclass="HTTPArgumentsPanel" testclass="Arguments" enabled="true">
          <collectionProp name="Arguments.arguments">
            <elementProp name="username" elementType="HTTPArgument">
              <boolProp name="HTTPArgument.always_encode">true</boolProp>
              <stringProp name="Argument.name">username</stringProp>
              <stringProp name="Argument.value">${username}</stringProp>
              <stringProp name="Argument.metadata">=</stringProp>
              <boolProp name="HTTPArgument.use_equals">true</boolProp>
            </elementProp>
            <elementProp name="password" elementType="HTTPArgument">
              <boolProp name="HTTPArgument.always_encode">false</boolProp>
              <stringProp name="Argument.name">password</stringProp>
              <stringProp name="Argument.value">${password}</stringProp>
              <stringProp name="Argument.metadata">=</stringProp>
              <boolProp name="HTTPArgument.use_equals">true</boolProp>
            </elementProp>
            <elementProp name="return_to" elementType="HTTPArgument">
              <boolProp name="HTTPArgument.always_encode">true</boolProp>
              <stringProp name="Argument.name">return_to</stringProp>
              <stringProp name="Argument.value">https://dashboard2.xxx.com</stringProp>
              <stringProp name="Argument.metadata">=</stringProp>
              <boolProp name="HTTPArgument.use_equals">true</boolProp>
            </elementProp>
            <elementProp name="formtoken" elementType="HTTPArgument">
              <boolProp name="HTTPArgument.always_encode">false</boolProp>
              <stringProp name="Argument.name">formtoken</stringProp>
              <stringProp name="Argument.value"></stringProp>
              <stringProp name="Argument.metadata">=</stringProp>
              <boolProp name="HTTPArgument.use_equals">true</boolProp>
            </elementProp>
            <elementProp name="loginToken" elementType="HTTPArgument">
              <boolProp name="HTTPArgument.always_encode">false</boolProp>
              <stringProp name="Argument.name">loginToken</stringProp>
              <stringProp name="Argument.value"></stringProp>
              <stringProp name="Argument.metadata">=</stringProp>
              <boolProp name="HTTPArgument.use_equals">true</boolProp>
            </elementProp>
          </collectionProp>
        </elementProp>
        <stringProp name="HTTPSampler.domain">login.xxx.com</stringProp>
        <stringProp name="HTTPSampler.port">443</stringProp>
        <stringProp name="HTTPSampler.protocol"></stringProp>
        <stringProp name="HTTPSampler.contentEncoding">UTF-8</stringProp>
        <stringProp name="HTTPSampler.path">/</stringProp>
        <stringProp name="HTTPSampler.method">POST</stringProp>
        <boolProp name="HTTPSampler.follow_redirects">true</boolProp>
        <boolProp name="HTTPSampler.auto_redirects">false</boolProp>
        <boolProp name="HTTPSampler.use_keepalive">true</boolProp>
        <boolProp name="HTTPSampler.DO_MULTIPART_POST">false</boolProp>
        <boolProp name="HTTPSampler.image_parser">true</boolProp>
        <stringProp name="HTTPSampler.embedded_url_re"></stringProp>
        <stringProp name="HTTPSampler.connect_timeout"></stringProp>
        <stringProp name="HTTPSampler.response_timeout"></stringProp>
      </HTTPSamplerProxy>

So I'm kinda frustrated here.

Is it I need to specify some sort of timer?

I added constant timer but it doesn't seem to have an effect on the POST response, which comes in immediately.

JMeter version is 5.4.3 actually.

Any help would be very appreciated.

Answer 1

found out the reason: the "formtoken" from the initial logon page load, which changes every load, has to be included on the POST as parameter!! These 2 videos (one got from blazemeter, the other one I found it on my own since the first on doesn't say how to determine/extract the formtoken) show:

1. How to determine the name and CSS selector for the token (it's not always named "formtoken")
2. How to get the value as a JMeter variable to pass from the page load step to the POST step (where we actually need it)
3. How to add a CSS selector in order to do this.

https://www.youtube.com/watch?v=hGkrSFKcj10

https://www.youtube.com/watch?v=gTA1tG0XtVE

Answer 2

I don't think you will be able to successfully replay recorded test, modern web applications widely use dynamic parameters for security reasons or client-side state tracking. Almost every website is using Cookies so make sure to add HTTP Cookie Manager to your test plan.

In your case formtoken and loginToken look suspicious so I think you need to inspect previous response and look for the values of these "tokens". Your test plan would be something like

1. Open Login Page
2. Extract dynamic values of formtoken and loginToken using a suitable JMeter Post-Processors and store them into JMeter Variables
3. Replace recorded values with the JMeter Variables from step 2

The process is known as correlation and there is a lot of information about it over the Internet.