Hi there - I have an sso cookie that is in a json format that is not being passed to my requests automatically. However, I see it when I run in debug mode.
–http-debug output:
Cookie: myco_sso={'authToken':'XmQSZYU9l9-aZBVIuAEYjLdeOcM.*AAJTZ..lMwMQ..*'|'dataSessionTracker':'A3bSF/ysRP...WETXdc='}
I also cannot see it when I read the response.cookies object, so I can’t manually store/use it.
For what it’s worth, I am able to capture the JSESSIONID cookie with response.cookies.
Cookie: JSESSIONID=4361943...D93F.auth-rc01-s03
I use other performance tools that are able to automatically pass this cookie, so I am wondering what the limitation is in k6.
Hi,
The only problem I can see is if you have double quotes which appears to be a golang “issue” which as far as I can see is not suppose to work by the RFC as well … so I dunno :).
Can you try with httpbin.org like
import http from "k6/http";
import { check, group } from "k6";
export let options = {
maxRedirects: 3
};
export default function() {
group("Simple cookies set with VU jar", function() {
// Since this request redirects the `res.cookies` property won't contain the cookies
let res = http.get("http://httpbin.org/cookies/set?name3=value3&name4=%7B'authToken'%3A'XmQSZYU9l9-aZBVIuAEYjLdeOcM.*AAJTZ..lMwMQ..*'%7C'dataSessionTracker'%3A'A3bSF%2FysRP...WETXdc%3D'%7D");
check(res, {
"status is 200": (r) => r.status === 200
});
console.log(res.body);
// Make sure cookies have been added to VU cookie jar
let vuJar = http.cookieJar();
let cookiesForURL = vuJar.cookiesForURL(res.url);
console.log(JSON.stringify(cookiesForURL));
check(null, {
"vu jar has cookie 'name3'": () => cookiesForURL.name3.length > 0,
"vu jar has cookie 'name4'": () => cookiesForURL.name4.length > 0
});
});
}
But change the value for name4 to one that doesn’t work as I am using yours and it appears to work …
I can catch the sso_cookie on each request, but it is not getting passed automatically, as far as I can tell:
INFO[0010] myco_sso > > > ["{'authToken':'kYVARDPBtkv-p3oZk.*AAAIwMw..*'|'dataSessionTracker':'A3bSF/yNJXdc='}"]
INFO[0010] https://performance2.rc.myco.xyz/api/roles (200): 6553.901 ms
INFO[0010] myco_sso > > > ["{'authToken':'kYVARDPBtkv-p3oZk.*AAAIwMw..*'|'dataSessionTracker':'A3bSF/yNJXdc='}"]
INFO[0010] https://performance2.rc.myco.xyz/api/v3/users?fields[agent]=email,first_name,last_name,alias (401): 75.769 ms
INFO[0010] {
"error": "Error retrieving SSO Cookie, check presence"
}
INFO[0010] myco_sso > > > ["{'authToken':'kYVARDPBtkv-p3oZk.*AAAIwMw..*'|'dataSessionTracker':'A3bSF/yNJXdc='}"]
INFO[0010] https://performance2.rc.myco.xyz/api/chat (401): 74.84 ms
INFO[0010] {
"error": "Error retrieving SSO Cookie, check presence"
}
It seems to work for me …
import http from "k6/http";
import { check } from "k6";
export let options = {
maxRedirects: 3
};
export default function() {
// set cookies
let res = http.get("https://httpbin.org/cookies/set?name3=value3&name4=%7B'authToken'%3A'XmQSZYU9l9-aZBVIuAEYjLdeOcM.*AAJTZ..lMwMQ..*'%7C'dataSessionTracker'%3A'A3bSF%2FysRP...WETXdc%3D'%7D");
// get cookies that we sent
res = http.get("https://httpbin.org/cookies");
// print those cookies
console.log(res.body);
// get cookies from the jar just to check
let vuJar = http.cookieJar();
let cookiesForURL = vuJar.cookiesForURL(res.url);
console.log(JSON.stringify(cookiesForURL));
check(null, {
"vu jar has cookie 'name3'": () => cookiesForURL.name3.length > 0,
"vu jar has cookie 'name4'": () => cookiesForURL.name4.length > 0
});
}
Gets me
execution: local
output: -
script: token.js
duration: -, iterations: 1
vus: 1, max: 1
INFO[0002] {
"cookies": {
"name3": "value3",
"name4": "{'authToken':'XmQSZYU9l9-aZBVIuAEYjLdeOcM.*AAJTZ..lMwMQ..*'|'dataSessionTracker':'A3bSF/ysRP...WETXdc='}"
}
}
INFO[0002] {"name3":["value3"],"name4":["{'authToken':'XmQSZYU9l9-aZBVIuAEYjLdeOcM.*AAJTZ..lMwMQ..*'|'dataSessionTracker':'A3bSF/ysRP...WETXdc='}"]}
done [==========================================================] 1 / 1
✓ vu jar has cookie 'name4'
✓ vu jar has cookie 'name3'
checks.....................: 100.00% ✓ 2 ✗ 0
data_received..............: 6.8 kB 6.3 kB/s
data_sent..................: 1.3 kB 1.2 kB/s
http_req_blocked...........: avg=157.26ms min=2.37µs med=3.78µs max=471.79ms p(90)=377.43ms p(95)=424.61ms
http_req_connecting........: avg=40.44ms min=0s med=0s max=121.32ms p(90)=97.05ms p(95)=109.19ms
http_req_duration..........: avg=205.27ms min=204.62ms med=204.69ms max=206.49ms p(90)=206.13ms p(95)=206.31ms
http_req_receiving.........: avg=70.72µs min=32.54µs med=47.8µs max=131.82µs p(90)=115.02µs p(95)=123.42µs
http_req_sending...........: avg=92.19µs min=18.63µs med=18.64µs max=239.28µs p(90)=195.16µs p(95)=217.22µs
http_req_tls_handshaking...: avg=99.88ms min=0s med=0s max=299.64ms p(90)=239.71ms p(95)=269.68ms
http_req_waiting...........: avg=205.11ms min=204.54ms med=204.56ms max=206.22ms p(90)=205.89ms p(95)=206.05ms
http_reqs..................: 3 2.74701/s
iteration_duration.........: avg=1.09s min=1.09s med=1.09s max=1.09s p(90)=1.09s p(95)=1.09s
iterations.................: 1 0.91567/s
vus........................: 1 min=1 max=1
vus_max....................: 1 min=1 max=1
Are you certain it is not your api checking the wrong key or you not setting it for the correct path ?k6 will canonize cookie headers (slack chat link, sorry 
) so if your api is especting it as myco_sso it will get Myco_Sso ( I think 
)
That’s fine for that single request - I agree that we can see it. But why is the myco_sso cookie not used for subsequent requests? Do I have to manually add it to each request? That would seem to defeat the purpose of automatic cookie handling.
INFO[0005] - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
INFO[0005] Request:
INFO[0005] https://performance2.dev.myco.xyz/Platform/login
INFO[0005] Request headers:
INFO[0005] {"Content-Type":["application/x-www-form-urlencoded"],"User-Agent":["k6/0.24.0 (https://k6.io/)"],"Cookie":["JSESSIONID=7E36"]}
INFO[0005] Request cookies:
INFO[0005] {"JSESSIONID":["7E36"],"myco_sso":["{'authToken':'VNxxjHAf_PxKwLN6d45zmdpmeVw.*AAJTAAIwMw..*'|'dataSessionTracker':'A3bSF/ysRdsNJXdc='}"]}
INFO[0005]
INFO[0005] Response:
INFO[0005] (200) https://performance2.dev.myco.xyz/apps/home/ (37.529 ms)
INFO[0005] Response headers:
INFO[0005] {"Content-Length":"938","Last-Modified":"Fri, 12 Apr 2019 16:22:22 GMT","Etag":"\"5cb0bb3e-3aa\"","Access-Control-Allow-Origin":"*","Accept-Ranges":"bytes","Server":"myco Web Server","Date":"Mon, 15 Apr 2019 18:28:33 GMT","Content-Type":"text/html"}
INFO[0005] Response cookies:
INFO[0005] {"myco_sso":["{'authToken':'VNxxjHAf_PxKwLN6d45zmdpmeVw.*AAJTAAIwMw..*'|'dataSessionTracker':'A3bSF/ysRdsNJXdc='}"]}
INFO[0005]
INFO[0008] - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
INFO[0008] Request:
INFO[0008] https://performance2.dev.myco.xyz/apps/agent/#/
INFO[0008] Request headers:
INFO[0008] {"User-Agent":["k6/0.24.0 (https://k6.io/)"]}
INFO[0008] Request cookies:
INFO[0008] {}
INFO[0008]
INFO[0008] Response:
INFO[0008] (200) https://performance2.dev.myco.xyz/apps/agent/#/ (38.962 ms)
INFO[0008] Response headers:
INFO[0008] {"Strict-Transport-Security":"max-age=63072000; includeSubdomains; preload","Accept-Ranges":"bytes","Etag":"\"5cb452fb-443\"","Content-Type":"text/html","Content-Security-Policy":"upgrade-insecure-requests","X-Frame-Options":"SAMEORIGIN","Server":"myco Web Server","Date":"Mon, 15 Apr 2019 18:28:36 GMT","Content-Length":"1091","Last-Modified":"Mon, 15 Apr 2019 09:46:35 GMT"}
INFO[0008] Response cookies:
INFO[0008] {}
INFO[0008]
INFO[0014] - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
INFO[0014] Request:
INFO[0014] https://performance2.dev.myco.xyz/api/user-profiles/me
INFO[0014] Request headers:
INFO[0014] {"User-Agent":["k6/0.24.0 (https://k6.io/)"]}
INFO[0014] Request cookies:
INFO[0014] {}
INFO[0014]
INFO[0014] Response:
INFO[0014] (400) https://performance2.dev.myco.xyz/api/user-profiles/me (2181.239 ms)
INFO[0014] Response headers:
INFO[0014] {"myco-Error-Message":"Incomplete request param","Content-Type":"text/plain; charset=utf-8","X-Application-Context":"AuthenticationService:dev:8091","X-Ratelimit-Reset":"0","Date":"Mon, 15 Apr 2019 18:28:41 GMT","X-Ratelimit-Limit":"0","X-Ratelimit-Remaining":"0","Server":"myco Web Server","Content-Length":"0"}
INFO[0014] Response cookies:
INFO[0014] {}
INFO[0014]
Can someone please contact me directly? It would be easier for me to communicate my issues if I could share my actual script, instead of posting pseudocode here.
Bear in mind:
This cookie has both the HTTP and Secure flags set. I wonder if this is a factor
Shouldn’t matter as long as you are expecting the cookie to be sent only on https requests.
I messaged you on slack.
So, the current understanding is that due to the non-standard JSON, k6 is having trouble handling this cookie as an object. However, this is a valid cookie for ForgeRock OpenAM, so I am stuck until I have a solution to store this.
Have you actually been able to login if you move the login from the setup() to the default function because this didn’t help in your case.
Although I have to add that nothing helped and I am left with the impression that ForgeRock OpenAM doesn’t always return the most accurate error, aka sometimes when it says it doesn’t find the cookie I think the problem is something else.
Also … as far as all my testing goes (with httpbin.org) k6 have absolutely no problem with sending the cookie … maybe it is some combination of factors, but even after I did some coding to remove some of the things golang does to cookies I still got the same problem with your script and no problem with httpbin
tl;dr I don’t know why ForgeRock OpenAM can’t find the cookie … everything else I’ve tried apparently can find the cookie.
Yes - when I move the login to the default function, it does pass the cookie correctly.
) so if your api is especting it as 
)