Unable to pass sso cookie (0.24.0)

#1

Hi there - I have an sso cookie that is in a json format that is not being passed to my requests automatically. However, I see it when I run in debug mode.

–http-debug output:

Cookie: myco_sso={'authToken':'XmQSZYU9l9-aZBVIuAEYjLdeOcM.*AAJTZ..lMwMQ..*'|'dataSessionTracker':'A3bSF/ysRP...WETXdc='}

I also cannot see it when I read the response.cookies object, so I can’t manually store/use it.

For what it’s worth, I am able to capture the JSESSIONID cookie with response.cookies.

Cookie: JSESSIONID=4361943...D93F.auth-rc01-s03

I use other performance tools that are able to automatically pass this cookie, so I am wondering what the limitation is in k6.

0 Likes

#2

Hi,

The only problem I can see is if you have double quotes which appears to be a golang “issue” which as far as I can see is not suppose to work by the RFC as well … so I dunno :).
Can you try with httpbin.org like

import http from "k6/http";
import { check, group } from "k6";

export let options = {
    maxRedirects: 3
};

export default function() {

    group("Simple cookies set with VU jar", function() {
        // Since this request redirects the `res.cookies` property won't contain the cookies
        let res = http.get("http://httpbin.org/cookies/set?name3=value3&name4=%7B'authToken'%3A'XmQSZYU9l9-aZBVIuAEYjLdeOcM.*AAJTZ..lMwMQ..*'%7C'dataSessionTracker'%3A'A3bSF%2FysRP...WETXdc%3D'%7D");
        check(res, {
            "status is 200": (r) => r.status === 200
        });
        console.log(res.body);
        // Make sure cookies have been added to VU cookie jar
        let vuJar = http.cookieJar();
        let cookiesForURL = vuJar.cookiesForURL(res.url);
        console.log(JSON.stringify(cookiesForURL));
        check(null, {
            "vu jar has cookie 'name3'": () => cookiesForURL.name3.length > 0,
            "vu jar has cookie 'name4'": () => cookiesForURL.name4.length > 0
        });
    });
}

But change the value for name4 to one that doesn’t work as I am using yours and it appears to work …

0 Likes

#3

I can catch the sso_cookie on each request, but it is not getting passed automatically, as far as I can tell:

INFO[0010] myco_sso > > > ["{'authToken':'kYVARDPBtkv-p3oZk.*AAAIwMw..*'|'dataSessionTracker':'A3bSF/yNJXdc='}"] 
INFO[0010] https://performance2.rc.myco.xyz/api/roles (200): 6553.901 ms 

INFO[0010] myco_sso > > > ["{'authToken':'kYVARDPBtkv-p3oZk.*AAAIwMw..*'|'dataSessionTracker':'A3bSF/yNJXdc='}"] 
INFO[0010] https://performance2.rc.myco.xyz/api/v3/users?fields[agent]=email,first_name,last_name,alias (401): 75.769 ms 
INFO[0010] {
    "error": "Error retrieving SSO Cookie, check presence"
} 

INFO[0010] myco_sso > > > ["{'authToken':'kYVARDPBtkv-p3oZk.*AAAIwMw..*'|'dataSessionTracker':'A3bSF/yNJXdc='}"] 
INFO[0010] https://performance2.rc.myco.xyz/api/chat (401): 74.84 ms 
INFO[0010] {
    "error": "Error retrieving SSO Cookie, check presence"
} 
0 Likes

#4

It seems to work for me …

import http from "k6/http";
import { check } from "k6";

export let options = {
    maxRedirects: 3
};

export default function() {
        // set cookies
        let res = http.get("https://httpbin.org/cookies/set?name3=value3&name4=%7B'authToken'%3A'XmQSZYU9l9-aZBVIuAEYjLdeOcM.*AAJTZ..lMwMQ..*'%7C'dataSessionTracker'%3A'A3bSF%2FysRP...WETXdc%3D'%7D");
        // get cookies that we sent
        res = http.get("https://httpbin.org/cookies");
        // print those cookies
        console.log(res.body);
        // get cookies from the jar just to check
        let vuJar = http.cookieJar();
        let cookiesForURL = vuJar.cookiesForURL(res.url);
        console.log(JSON.stringify(cookiesForURL));
        check(null, {
            "vu jar has cookie 'name3'": () => cookiesForURL.name3.length > 0,
            "vu jar has cookie 'name4'": () => cookiesForURL.name4.length > 0
        });
}

Gets me

  execution: local
     output: -
     script: token.js

    duration: -,  iterations: 1
         vus: 1, max: 1

INFO[0002] {
  "cookies": {
    "name3": "value3",
    "name4": "{'authToken':'XmQSZYU9l9-aZBVIuAEYjLdeOcM.*AAJTZ..lMwMQ..*'|'dataSessionTracker':'A3bSF/ysRP...WETXdc='}"
  }
}
INFO[0002] {"name3":["value3"],"name4":["{'authToken':'XmQSZYU9l9-aZBVIuAEYjLdeOcM.*AAJTZ..lMwMQ..*'|'dataSessionTracker':'A3bSF/ysRP...WETXdc='}"]}
    done [==========================================================] 1 / 1

    ✓ vu jar has cookie 'name4'
    ✓ vu jar has cookie 'name3'

    checks.....................: 100.00% ✓ 2   ✗ 0
    data_received..............: 6.8 kB  6.3 kB/s
    data_sent..................: 1.3 kB  1.2 kB/s
    http_req_blocked...........: avg=157.26ms min=2.37µs   med=3.78µs   max=471.79ms p(90)=377.43ms p(95)=424.61ms
    http_req_connecting........: avg=40.44ms  min=0s       med=0s       max=121.32ms p(90)=97.05ms  p(95)=109.19ms
    http_req_duration..........: avg=205.27ms min=204.62ms med=204.69ms max=206.49ms p(90)=206.13ms p(95)=206.31ms
    http_req_receiving.........: avg=70.72µs  min=32.54µs  med=47.8µs   max=131.82µs p(90)=115.02µs p(95)=123.42µs
    http_req_sending...........: avg=92.19µs  min=18.63µs  med=18.64µs  max=239.28µs p(90)=195.16µs p(95)=217.22µs
    http_req_tls_handshaking...: avg=99.88ms  min=0s       med=0s       max=299.64ms p(90)=239.71ms p(95)=269.68ms
    http_req_waiting...........: avg=205.11ms min=204.54ms med=204.56ms max=206.22ms p(90)=205.89ms p(95)=206.05ms
    http_reqs..................: 3       2.74701/s
    iteration_duration.........: avg=1.09s    min=1.09s    med=1.09s    max=1.09s    p(90)=1.09s    p(95)=1.09s
    iterations.................: 1       0.91567/s
    vus........................: 1       min=1 max=1
    vus_max....................: 1       min=1 max=1

Are you certain it is not your api checking the wrong key or you not setting it for the correct path ?k6 will canonize cookie headers (slack chat link, sorry :frowning: ) so if your api is especting it as myco_sso it will get Myco_Sso ( I think :slight_smile: )

0 Likes

#5

That’s fine for that single request - I agree that we can see it. But why is the myco_sso cookie not used for subsequent requests? Do I have to manually add it to each request? That would seem to defeat the purpose of automatic cookie handling.

INFO[0005] - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
INFO[0005] Request:                                     
INFO[0005] https://performance2.dev.myco.xyz/Platform/login 
INFO[0005] Request headers:                             
INFO[0005] {"Content-Type":["application/x-www-form-urlencoded"],"User-Agent":["k6/0.24.0 (https://k6.io/)"],"Cookie":["JSESSIONID=7E36"]} 
INFO[0005] Request cookies:                             
INFO[0005] {"JSESSIONID":["7E36"],"myco_sso":["{'authToken':'VNxxjHAf_PxKwLN6d45zmdpmeVw.*AAJTAAIwMw..*'|'dataSessionTracker':'A3bSF/ysRdsNJXdc='}"]} 
INFO[0005]                                              
INFO[0005] Response:                                    
INFO[0005] (200) https://performance2.dev.myco.xyz/apps/home/ (37.529 ms) 
INFO[0005] Response headers:                            
INFO[0005] {"Content-Length":"938","Last-Modified":"Fri, 12 Apr 2019 16:22:22 GMT","Etag":"\"5cb0bb3e-3aa\"","Access-Control-Allow-Origin":"*","Accept-Ranges":"bytes","Server":"myco Web Server","Date":"Mon, 15 Apr 2019 18:28:33 GMT","Content-Type":"text/html"} 
INFO[0005] Response cookies:                            
INFO[0005] {"myco_sso":["{'authToken':'VNxxjHAf_PxKwLN6d45zmdpmeVw.*AAJTAAIwMw..*'|'dataSessionTracker':'A3bSF/ysRdsNJXdc='}"]} 
INFO[0005]                                              
INFO[0008] - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
INFO[0008] Request:                                     
INFO[0008] https://performance2.dev.myco.xyz/apps/agent/#/ 
INFO[0008] Request headers:                             
INFO[0008] {"User-Agent":["k6/0.24.0 (https://k6.io/)"]} 
INFO[0008] Request cookies:                             
INFO[0008] {}                                           
INFO[0008]                                              
INFO[0008] Response:                                    
INFO[0008] (200) https://performance2.dev.myco.xyz/apps/agent/#/ (38.962 ms) 
INFO[0008] Response headers:                            
INFO[0008] {"Strict-Transport-Security":"max-age=63072000; includeSubdomains; preload","Accept-Ranges":"bytes","Etag":"\"5cb452fb-443\"","Content-Type":"text/html","Content-Security-Policy":"upgrade-insecure-requests","X-Frame-Options":"SAMEORIGIN","Server":"myco Web Server","Date":"Mon, 15 Apr 2019 18:28:36 GMT","Content-Length":"1091","Last-Modified":"Mon, 15 Apr 2019 09:46:35 GMT"} 
INFO[0008] Response cookies:                            
INFO[0008] {}                                           
INFO[0008]                                              
INFO[0014] - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
INFO[0014] Request:                                     
INFO[0014] https://performance2.dev.myco.xyz/api/user-profiles/me 
INFO[0014] Request headers:                             
INFO[0014] {"User-Agent":["k6/0.24.0 (https://k6.io/)"]} 
INFO[0014] Request cookies:                             
INFO[0014] {}                                           
INFO[0014]                                              
INFO[0014] Response:                                    
INFO[0014] (400) https://performance2.dev.myco.xyz/api/user-profiles/me (2181.239 ms) 
INFO[0014] Response headers:                            
INFO[0014] {"myco-Error-Message":"Incomplete request param","Content-Type":"text/plain; charset=utf-8","X-Application-Context":"AuthenticationService:dev:8091","X-Ratelimit-Reset":"0","Date":"Mon, 15 Apr 2019 18:28:41 GMT","X-Ratelimit-Limit":"0","X-Ratelimit-Remaining":"0","Server":"myco Web Server","Content-Length":"0"} 
INFO[0014] Response cookies:                            
INFO[0014] {}                                           
INFO[0014]
0 Likes

#6

Can someone please contact me directly? It would be easier for me to communicate my issues if I could share my actual script, instead of posting pseudocode here.

0 Likes

#7

Bear in mind:
This cookie has both the HTTP and Secure flags set. I wonder if this is a factor

0 Likes

#8

Shouldn’t matter as long as you are expecting the cookie to be sent only on https requests.

I messaged you on slack.

0 Likes