I'm currently trying to load test an app that requires a login.
I've setup a cookie manager, and then I had to change the properties file to allow jmeter to send empty cookies - which this app requires for some reason.
I am still unable to login. While I had wanted to keep this test as "blackbox" as possible, I've had to peek inside a little and work with the developers to try to figure this out.
Currently, I am seeing a "authentication.exception.DigitalSignatureFailedException" in the application's log file when I try to login.
This exception means that when the server re-hashed the cookies, the signature did not match. It's used to prevent people from changing cookies to ge more access than they should.
The thing that confuses me is that the cookies that are set by the authentication manager are the same as the cookies being sent - including the signature. I copied them into a diff utility and made sure. The only difference was the session ID, which isn't used to creating the signature because the authentication manager runs in its own context.
The problem is that one of the cookies has a space in it's value. The legality of this is per RFCs is somewhat unclear, but most browsers allow it and it tends to work.
However, jmeter is truncating this cookie at the space.
How am I able to either force it to urlencode cookies or to leave the space in place?
I have had no problems with firefox and this app, and I know of others who successfully use it with Chrome. Use of IE is discouraged here, but it does work there as well.
I am at a loss as to what might be causing a change in the cookie, or why the server is expecting something different from what jmeter is sending.
I have even go so far as to change the cookie encoding in the jmeter property file, before explicitly setting it to use the default value of US-ASCII.
If anyone has any ideas on what to try, I would really appreciate it.