Case Study: JMeter Load Testing User Login with CSRF Token Protection

How to create a simple load test in JMeter

Create a Simple Test in JMeter

1. Include ‘HTTP Cookie Manager’ and ‘HTTP Header Manager’ in the new Test Plan

<meta name="csrf-token" content="EcuR9ZHJ1KBs0MKuVjD6k9OLe6mZyn1QCMo7ZiaWbZSa3xpPIbHbRweJIn-2vRFjgEoaNOhcxtbqf2XGnNtYAw" />
  • session[email], driving@biz.com
  • session[password], test01
  • authenticity_token, ${authenticity_token}
    the value is extracted from the previous step.

Performance Testing

Set “Number of Threads (users)” (under Thread Group) to 1.

|Visit home page  | 1.003|
|Visit login page | 0.205|
|Login | 1.035|

Load Testing

Change the Number of Threads (users) to 1, 5, 10, 20, 50 and 100, then run the tests and get the average timings of the operations.

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store