There's this exact title in the cypress docs: https://docs.cypress.io/api/commands/session#Switching-sessions-inside-tests
But I'm not sure how to implement it.
I currently have a test that signs up a user A, does something, and then another user B signs up (there's a reset state here that cleans the session) and verifies something.
I would like to add another it() reusing the sessions from user A and B, is that possible? And how so?
I am doing load tests on the apply option of a career fair section. But I have only one user's login information and I want to run the apply test more than once with the same user. For example, when I create 10 users with a Thread Group, the HTTP request for apply is going to fail 9 times. I think that's why we use only one user and the apply button is going to be an applied button and not clickable. How can I do this test?
There is one golden rule: 1 virtual user == 1 real user with all its stuff like credentials, permissions, business actions, cookies, cache, etc. See How to make JMeter behave more like a real browser article for more details.
So ideally you need to have as many credentials as threads (virtual users) you set in JMeter's Thread Group.
Tests need to be repeatable, to wit, leave the system in an unmodified state so you could re-run the test once again. If the application process is irreversible, you need to either cancel the application somewhere in the tearDown Thread Group or modify the database using JDBC Test Elements to restore the system state.
If your system doesn't allow multiple logins from one user I don't think you will be able to conduct your test with a single user for multiple sessions.
How does one use sessions cookies to manage logins?
The naive approach using, say, ASP.NET Forms Authentication sets a cookie when a user logs in. The cookie is then checked on every call to the server.
But cookies are shared between browser tabs. This seems problematic.
I log in as Dave in TAB A and proceed to do all work as Dave.
More or less simultaneously, I log in as Alfonso on TAB B. The cookie from this login overwrites the Dave cookie.
So all work in TAB A is done as Dave, the "Logged in as" UI element says Dave, but when I submit, the server performs all work as if it were done as Alfonso.
This does not seem good. What is best practice here? Is the only solution to use cookieless sessions by putting the encrypted username in the URL of each call?
The best practice is to ensure your logic properly handles authentication. This is a common problem, as you need to account for issues like this, as well as "what happens if I submit the form even though the user has since been logged out?"
1. You shouldn't be able to log in as Alfonso when you are already logged in as Dave. You have to log out as Dave first. If a login screen was already present on a tab even though Dave is logged in, the postback from logging in should realize that the user is already logged in (so Alfonso can't log in).
2. Every time you save data, you should ensure the person performing the work is 1) still logged in and 2) the correct person.
If you want some old tab to automatically realize the user has since logged out, or is now someone else, that would require a bit more work (AJAX)... without it, bullet 2. from above will handle your problem.
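The Dave/Alfonso scenario with the two rules from the answer above applied, as an added example that is not part of the original answer. It models one browser (one session cookie) with two tabs in memory; `login`, `renderForm`, `submitForm` and the session id are hypothetical names constructed for the illustration.

```javascript
// One cookie jar is shared by every tab, so the server sees a single session id.
const sessions = new Map(); // session id -> { user }

function login(sessionId, user) {
  const current = sessions.get(sessionId);
  // Rule 1: refuse a second login while this session already has a user.
  if (current) {
    return { ok: false, status: 409, reason: `already logged in as ${current.user}` };
  }
  sessions.set(sessionId, { user });
  return { ok: true, status: 200 };
}

function logout(sessionId) {
  sessions.delete(sessionId);
}

// The rendered page records who it was rendered for (e.g. a hidden field).
function renderForm(sessionId) {
  const s = sessions.get(sessionId);
  return s ? { renderedFor: s.user } : null;
}

// Rule 2: on every save, the session must still exist and belong to the
// user the page was rendered for. The hidden field is client-controlled, so
// it is only used to detect a stale tab; work is always attributed to the
// session's user, never to the field.
function submitForm(sessionId, form) {
  const s = sessions.get(sessionId);
  if (!s) return { ok: false, status: 401, reason: "not logged in" };
  if (s.user !== form.renderedFor) {
    return { ok: false, status: 409, reason: `page rendered for ${form.renderedFor}, session is ${s.user}` };
  }
  return { ok: true, status: 200, savedAs: s.user };
}

function demo() {
  const sid = "constructed-session-id";
  login(sid, "Dave");
  const tabA = renderForm(sid);             // TAB A, rendered for Dave
  const secondLogin = login(sid, "Alfonso"); // TAB B tries to log in on top
  logout(sid);
  login(sid, "Alfonso");                    // explicit switch of user
  const staleSubmit = submitForm(sid, tabA); // TAB A submits its old page
  const freshSubmit = submitForm(sid, renderForm(sid));
  return { secondLogin, staleSubmit, freshSubmit };
}
```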
I'm new to Symfony and PHP (previously worked with C++, Java) and I can't find any solution on how to log user login and logout actions to a database. I want this specific information:
user who took the action (via userId),
action description (login or logout),
current timestamp.
I'm looking for the simplest possible solution. I managed to successfully log information on user login by modifying the function rendering the user login form, but I failed miserably when it comes to logout. I know it is a terrible idea after all, but I couldn't come up with any better one. Any suggestions? Thanks in advance.
If you have a look here, it says you can define a success handler and a failure handler which you use to log stuff to your database. You can also find the handler parameters defined in the reference documentation.
Login
You would first create a service which gets the security.context and entityManager as parameters and uses both to determine which user logged in. This service is then added to the success_handler parameter and therefore called after the user logs in.
Logout
This one is more tricky I guess, as I would assume that the security.context has no information about the user anymore and you cannot use it to determine which user is logging out. You may want to look into what the handlers parameter actually is. It might be a handler which is called while processing the logout, so you could use it. Of course you might log some logouts which fail, because without the success handler you cannot be sure the logout was successful. On the other hand, maybe you can get the session id from somewhere (again, security.context maybe) and log this instead.
I want to write up a scenario that looks something like:
Given I am logged in
And I am on my profile page
Then I see my name
For the "Given I am logged in" - do I need to write something like:
When I go to the log in page
And I fill in "user_username" with "test"
And I fill in "user_password" with "invalid password"
And I press "Sign in"
Question is: does the test have to go through the login scenario every time I test a logged in user functionality?
EDIT:
Note that I am using the Devise gem. I am not sure how to log in the user directly since the user session, cookies, etc. have to be set.
I would write a step definition to handle the login instead of a scenario.
This step definition can then put the cookies in the cookie jar for subsequent use.
If you store the cookie jars in a hashmap keyed on the test users, then the method can be smart enough to only log in when needed and reuse a session if one is still available. This can save a lot of time in the tests at the expense of not having completely independent tests, since now they're coupled through the session data on the server. The session can always be cleared by logging out before logging in again.
.. Or is it enough to just check for a session variable that indicates a successful login has in fact been performed?
What are different ways to go about this? The ideal and not so ideal?
Thanks!
Third alternative: HMAC-ed cookie. No need to hit database/session-store at all.
Details.
Even if a user has an active session that is restored via cookie, for example, you need to verify his account data.
If you don't check the current database entries for a user, he could possibly login although his profile has been banned or something like that.
The reverse situation can happen if your user opens a session in one browser (at home for example), upgrades his account to some "premium" (or whatever) account with another session (maybe from his office). When he returns home, he would get his old session that has no "premium" privileges.
So, always check the data for your user profiles. I would recommend to check them on EVERY request to your website. Your session data should only say WHO the user is and not WHAT he is allowed to do.
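An added example, not from either answer above, that puts the HMAC-ed cookie next to the per-request account check: the cookie proves WHO the user is without a session store, while ban status and privileges are read from current account data on every request. The cookie layout, the function names and the in-memory `users` map are assumptions constructed for the illustration.

```javascript
const crypto = require("node:crypto");

// Server-side signing key (constructed; a real deployment loads a persistent secret).
const SECRET = crypto.randomBytes(32);

// Constructed stand-in for the user table.
const users = new Map([["42", { name: "dave", banned: false, premium: false }]]);

function sign(payload) {
  return crypto.createHmac("sha256", SECRET).update(payload).digest("hex");
}

// Cookie value "<userId>.<expiryEpochSeconds>.<mac>": identity only, no privileges.
function issueCookie(userId, ttlSeconds, now = Date.now()) {
  const payload = `${userId}.${Math.floor(now / 1000) + ttlSeconds}`;
  return `${payload}.${sign(payload)}`;
}

// Returns the user id if the MAC is valid and the cookie has not expired, else null.
function verifyCookie(cookie, now = Date.now()) {
  const parts = String(cookie).split(".");
  if (parts.length !== 3) return null;
  const [userId, expiry, mac] = parts;
  const expected = Buffer.from(sign(`${userId}.${expiry}`));
  const given = Buffer.from(mac);
  // Constant-time comparison; the length check comes first because
  // timingSafeEqual throws on buffers of different length.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  if (!/^\d+$/.test(expiry) || Number(expiry) * 1000 <= now) return null;
  return userId;
}

// Runs on every request: WHO comes from the cookie, WHAT from the current record.
function authorize(cookie, now = Date.now()) {
  const userId = verifyCookie(cookie, now);
  if (userId === null) return { status: 401 };
  const account = users.get(userId);
  if (!account || account.banned) return { status: 403 };
  return { status: 200, user: account.name, premium: account.premium };
}
```

Because privileges are never stored in the cookie, a cookie issued before an upgrade or a ban reflects the change on the next request.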