I am doing load tests to a apply option of career fair section. But I have only one user's login informations and I want to do apply tests more than one time with same user. For example when I create 10 users with Thread Group, the http request for apply is going to be fall 9 times. I think that's why we use only one user and the apply button is going to be applied button and not clickable. How can I do this test?
There is one golden rule: 1 virtual user == 1 real user with all its stuff like credentials, permissions, business actions, cookies, cache, etc. See How to make JMeter behave more like a real browser article for more details.
So ideally you need to have as many credentials as threads (virtual users) you set in JMeter's Thread Group
Test need to be repeatable, to wit leave the system in unmodified state so you could re-run the test once again. If the application process is irreversible you need to either cancel the application somewhere in the tearDown Thread Group or modify the database using JDBC Test Elements to restore the system state
If your system doesn't allow multiple logins from one user I don't think you will be able to conduct your test with a single user for multiple sessions.
Related
I created concurrency Thread Group with 10 Users in 1 Min, but when i run it ,i am getting 409 conflict in Login Authorization request.
is it possible to run 10 Concurrent Users with single login details?
enter image description here
It depends on how the system under test is configured, in your case it seems to be impossible
In general you need to configure JMeter to behave exactly like a real browser, to wit each JMeter's thread (virtual user) must represent a real user using a real browser and a real user:
has its own credentials
cache
cookies
think time
business actions
so ideally you need to create as many "login details" as virtual users you need to simulate
Let's say I'm testing a web service and I have a couple of scenarios requires user to be authenticated:
Scenario #1: Customer sign-up
Scenario #2: Customer sign-in
Scenario #3: Customer change name
Scenario #4: Customer update image
Should all the tests go through all login steps like:
1) Go to register page
2) Enter new user information
3) Activate account
4) Go to login page
5) Enter login and password
6) Press the Login button
7) Check if I authenticated as a customer
Or I can just test it once and implement endpoint which quickly creates a user and log it in.
So if I have that kind of endpoint that means I can skip retesting the same things all the time and just have short scenarios #3 and #4 implementation. But in this case, I have a less natural environment.
Please tell me about the best practices that you use in real projects.
Few best practices:
use the testing pyramid integration > ui (tests are much slower on UI, automate in the UI only the necessary things to have main flows covered)
for the UI use fast methods for the setup (so yes, web services, test login only once)
if possible keep some test data trough the builds (for example to make sure a new build that might change data structure does not affect basic functionality, e.g. login)
tests should be atomic (not depend on each other)
do some cleanup from time to time to remove duplicate test code and to improve the framework(speed, stability)
You shouldn't copy and paste the "log in" scenario to all of the other scenarios, but having an account and being logged in are prerequisites for the other use cases. From a behavior driven development perspective this will translate to one or more Given steps that simulate or actually perform those steps:
Scenario: Customer change name
# Calls web service or database to create new user
Given "Bob" is a registered user
# Calls web service or database to make account active
And "Bob" has an active account
# Opens browser, navigates to login page, fills out login form and submits it
And the user is logged in as "Bob"
# Steps specific to changing name and asserting it has changed
When the user changes their name to "Samuel"
Then the user's name is "Samuel"
I need some clarification in the testing process, specifically when multiple users (100 Users) login to a web application through JMeter.
I can log in with a single valid user but if there are 100 users and 1 is a valid user and 99 are invalid users, the 99 users cannot log in.
The problem is creating 100 is a difficult process.
Now, is testing login as mentioned above the same as testing with 100 valid users?
If not, is there any better process to test login with multi-users?
There is only one obvious requirement: each JMeter thread (virtual user) should use different credentials, in other words JMeter user must represent real user using real browser as close as possible, otherwise your load testing will not make sense.
So ideally you should have 100 different credentials so each virtual user could use its own username/password combination and have its own session. It particularly matters when your test scenario assumes some business processes, i.e. one user starts workflow, another one approves, third one finishes, etc.
If each load test iteration assumes "clean" system you could consider automating user creation process via setUp Thread Group where you can create the prerequisites (users, content, whatever). Ask around, it might be the case you can create the user using a single REST API or Database call, or it could be possible to import users from LDAP or using a shell command
As a last resort you can use single credentials with multiple JMeter virtual users, however in this case you may run into issues with your application so try avoiding CRUD operations so your test would represent just browsing.
I have a web application where I want users to only be able to use it from one location (meaning a user can't actively be using the application at two locations). Currently I got this working in a very common way by only allowing 1 cookie session to be valid and removing any existing ones when a user logs in. Unfortunately I've been told that my method of only allowing 1 cookie is unacceptable because my users move around a lot to different sites and are tired of having to login every time. An easy solution would just be to allow more than 1 cookie, but I can't do this because I need to make sure a user account is not being used at two locations at the same time.
I'm wondering what is the best way to implement a system like this where a user can't be active at more than 1 location, but shouldn't necessarily have to login at every location they visit.
One possible idea I had was to allow multiple cookies to be recorded, but once a cookie becomes active (meaning I notice that session navigating the application) all of the other cookies are locked out for a certain timelimit like 15 mins. If no cookie session has been active for 15 mins then allow any cookie to login and gain dominance over the others untill it exceeds the timelimit.
Edit: It's ok for them to remain logged in after they leave a location
One way to do this is to log their last ip address and at what time that access was. On each access, you can check their last access.
If the last access is from the same ip, let them through.
If the last access is from a different ip, check how long ago that was. You can then define a cut-off point for how long they need to be idle before they can access it from another location. 15 minutes seems reasonable.
All of this can be done on the backend and this would possibly provide a higher level of security.
The browser allows users to store their credentials. Let them use this feature to log back in without hassle.
No need for a timeout. Allow multiple cookies, but only one active one.
Instruct your users to close the application when they leave their workstations. Make this something that's easy to do. Put a close button on each page or perhaps catch onBeforeUnload and notify the server that the page is no longer being displayed. Do keep the session when the user closes the application, but mark it as currently inactive.
When you get a request with a cookie that belongs to an inactive session, activate that session without complaints if the user has no other session active.
If the user still has another session active, something fishy is going on. So remove all sessions and send the user to the login screen.
(That'll teach them :) )
In our system one client may have multiple operators. However there is a "wish" from client.
One company has an account, however there can be mulitple operators assigned to this company. Client wants us to prepare a solution that only one operator from company can log in to the system at same time. How can I achieve this?
Just by making sure they system has the ability to validate the login on each request. Either
Actively (by querying state -- possibly a database to compare some secrets) or
Passively -- using some form of cryptography and tokens (possibly in the cookie).
Option one is easiest, option 2 is fastest. If you validate on each request you can make sure that only one user remains logged in -- if another user signs in you can invalidate the existing active login -- perhaps with a cooldown period of n amount minutes.
You have to develop some form of login scheme -- kerberos is the defacto scheme -- read this easy to follow tutorial on kerberos Designing an Authentication System: a Dialogue in Four Scenes It should show you what you really need to do.
You could use a database field to flag that they are logged in. Update the field to 'logged in' when they do so, and then update it to 'logged out' when they log out.
You'd also need to monitor login sessions for expiry to update the field if a user never bothered to explicitly logout.
The best approach I've used:
Create a table used to track whether an operator is logged in (e.g. userid and last_accessed_dt)
On each page request by the operator update the last requested date/time
When an operator attempts to login they can only do so if the last requested data/time > timeout period of sessions on your website (E.g. 30 minutes) or if they are the Last Operator User ID ... this way they can quickly recover from a logoff etc.
When an operator logs off have the Last Accessed cleared
When the session times out have the Last Accessed cleared
"I am using WPF application and the server is written in WCF, however this can be achieved. But what in situation when user has an application opened and was inactive for 30min?"
This system is going to be single-user, so I suggest you start a counter thread when a user logs in. When counter reaches 30 minutes, write a value to the db indicating that user has timed out and other users are free to login. Obviously, you should do the same thing when user explicitly logs out.