Case Study: JMeter Load Testing User Login with CSRF Token Protection

How to create a simple load test in JMeter

Create a Simple Test in JMeter

1. Include ‘HTTP Cookie Manager’ and ‘HTTP Header Manager’ in the new Test Plan

<meta name="csrf-token" content="EcuR9ZHJ1KBs0MKuVjD6k9OLe6mZyn1QCMo7ZiaWbZSa3xpPIbHbRweJIn-2vRFjgEoaNOhcxtbqf2XGnNtYAw" />
  • session[email],
  • session[password], test01
  • authenticity_token, ${authenticity_token}
    the value is extracted from the previous step.
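The token hand-off described above, as an added example that is not part of the original article: it pulls the `csrf-token` meta value out of the login page and builds the URL-encoded login body with the three parameters listed. The function names, the e-mail placeholder and the sample token are constructed for illustration; in JMeter the same job is done by an extractor on the login-page sampler that stores the value in `${authenticity_token}`.

```python
from html.parser import HTMLParser
from urllib.parse import urlencode


class CsrfMetaParser(HTMLParser):
    """Finds <meta name="csrf-token" content="...">, whatever the attribute order."""

    def __init__(self):
        super().__init__()
        self.token = None

    def handle_starttag(self, tag, attrs):
        attr = dict(attrs)
        if tag == "meta" and attr.get("name") == "csrf-token" and self.token is None:
            self.token = attr.get("content")


def extract_csrf_token(html):
    """Return the token, or fail loudly instead of posting a default value."""
    parser = CsrfMetaParser()
    parser.feed(html)
    if not parser.token:
        raise ValueError("login page contains no csrf-token meta tag")
    return parser.token


def build_login_body(html, email, password):
    """Build the form body for the login POST from the fetched login page."""
    return urlencode({
        "session[email]": email,
        "session[password]": password,
        # Tokens may contain '+', '/' and '='; urlencode escapes them so the
        # server receives the exact value it issued.
        "authenticity_token": extract_csrf_token(html),
    })


# Constructed sample page: attributes deliberately in a different order than
# in the article's tag, and a constructed token with characters that need escaping.
LOGIN_PAGE = '<html><head><meta content="aB3+/xY9==" name="csrf-token" /></head></html>'

if __name__ == "__main__":
    # user@example.test is a placeholder; test01 is the password from the article.
    print(build_login_body(LOGIN_PAGE, "user@example.test", "test01"))
```

A missing token raises an error here; in a load test the equivalent check is an assertion on the extracted variable, so that a failed extraction is not mistaken for a slow or failing login.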

Performance Testing

Set “Number of Threads (users)” (under Thread Group) to 1.

|Visit home page  | 1.003|
|Visit login page | 0.205|
|Login | 1.035|

Load Testing

Change the Number of Threads (users) to 1, 5, 10, 20, 50 and 100, then run the tests and get the average timings of the operations.


