Table of content

• HTTP Cookie Manager in JMeter
• Determining the Necessity of HTTP cookie Manager

The cookie manager stores and sends cookies just like a web browser. If you have an HTTP Request and the response contains a cookie, the Cookie Manager automatically stores that cookie and will use it for all future requests to that particular web site.

Each JMeter thread has its own cookie storage area.

• The use of cookies eventually becomes necessary when your application has to maintain a session.
• Once you login to an application, it maintains the session of that user so that he/she can work inside the application.
• If that session is not maintained (via Cookie Manager in case of JMeter), then the user will be logged out of the application as soon as he/she sends the next request, which requires Authentication.
• You can take it like this, if your application has a session or uses cookies, then your script will not work without adding cookies in cookie manager, as then your script will not be able to maintain the session and the users (Threads) will be kicked-off the application as soon as they enter into it.
• Each JMeter thread has its cookie storage area. So, if you are testing a web site that uses a cookie for storing session information, each JMeter thread will have its session.

How to determine whether the website needs HTTP Cookie manager while writing a script

• One way is if you know about the application (which ideally a performance tester should know) that whether the application maintains any kind of session or not.
• This should be part of the Performance test planning and Requirement gathering sessions conducted before starting with the Performance testing.
• So, you should gather this information beforehand either ask the Developers, QAs working with that application.
• Another way is using any kind of developer tool like HTTPWatch, Fiddler, IE Developer Toolbar, etc. as these tools will clearly tell you that what all the cookies your application is using and which request requires which cookie.
• Using the reverse methodology (this may sound a little weird, but helpful), use View Results in Tree listener in your test plan, then without adding Cookie Manager (as at this point you don't know whether you require it or not) run your script.
• We both know that it will fail, but let it get fail. Then from the Sampler Result tab of the Tree Listener, you will get the knowledge of whether Your application is using any cookies or not? If yes, then what are the name of cookies being used?. Once you get the cookies name from there, you can add the same to your cookie manager.
• Lastly, the Thumb rule is. If your application is having any kind of session, Authentication, then you will definitely need HTTP Cookie Manager in your JMeter script.

The following example demonstrates why we need to add the cookie manager in Tests.

• First, Let me record one flow and then try to understand why we need to add cookie manager in tests.
• Navigate to the given link: https://the-internet.herokuapp.com/login
• On that page, you will find the Username and Password, as shown below.
  
• Now, Enter the Username as tomsmith and password as SuperSecretPassword! and then click on the Login button.
  
• Once you logged in, you can see the below image and then click on the Logout button.
  
• Let us record this process by using the JMeter.
• Launch the JMeter in your system.
• Make sure your proxy has been set in the Firefox browser before recording in the JMeter.
• Right-click on the Add and then select Non-Text Elements-->HTTP(s) Test Script Recorder.
  
• Next, click on the Target controller and then select the Test Plan>HTTP(s) Test Script Recorder
  
• And then click on the Request Filtering and Add Suggested Excludes.
• Now, click on the start button and then go to the Firefox browser and log in to the Login page(https://the-internet.herokuapp.com/login) by using the Username and the password.
• Once it is logged in, then click on the Logout button on the website and then click on the Stop button in the JMeter.
  
• Now, if you click on the HTTP(s) Test Script Recorder, you can see the Test scripts as below.
  
• Now, to run these requests, add one Thread group to the Test Plan.
  
• And then move all the test scripts to Thread Group, because you cannot run the test scripts from the script recorder, if you want to run the test script then all the test scripts must be present in the thread group only.
  
• Now save the project and then add View Result Tree Listener to the Test Plan to see how the results are happening.
  
• Now run the Test Plan. And you can see that all the scripts are passed, and here you can observe that the security has become the part of Authentication.
  
• Do not judge whether the script is pass or fail by seeing the Green tick mark.
• When you authenticate, then you will be logged in, as shown below.
  
• Welcome to the Secure Area. When you are done, click logout below should be present in the Response body. But in the Response body, you still see the sentence before login.
  
• Expand the Authenticate-81 sampler, you can see the sub sampler as shown below. When you click on the Request and Request body you can see the Username and the Password.
  
• So let's fix this issue.
• When you enter the link https://the-internet.herokuapp.com/login in the browser then one session cookie will be created.
• And when you enter the valid credentials to log in, then the authentication will hit the request to login and the browser will store these cookies. But the JMeter won't store the cookies like a browser.
  

  The request will be:  https://the-internet.herokuapp.com/authenticate.
  The credentials will be: username=tomsmith&password=SuperSecretPassword%21
  [no cookies]​

• We can make the JMeter store the cookies by adding HTTP Cookie Manager.
• Right-click on the Thread Group and then select Add-->Config Element-->HTTP Cookie Manager
  
• Now save and run the test and see how the results are behaving. The three more requests have been added to the view results tree.
  
• If you compare old request and the new request that is after adding the HTTP Cookie Manager, the cookies have been added to all the requests.
  
  
• Now go to the response body of Authenticate-81, you will find the welcome to the secure area.
  
• So This is how the HTTP Cookie Manager will help to store the session cookies in the JMeter.

Recommended Readings

• Assertions in JMeter
• Logical Controller of JMeter
• Timers in JMeter
• Regular Expression Extractor in JMeter
• Thread Group in JMeter
• Using JMeter for Performance Testing
• Recording the Scripts in JMeter
• Installation of JMeter