The cookie manager stores and sends cookies just like a web browser. If you have an HTTP Request and the response contains a cookie, the Cookie Manager automatically stores that cookie and will use it for all future requests to that particular web site.

Each JMeter thread has its own cookie storage area.

  • The use of cookies eventually becomes necessary when your application has to maintain a session.
  • Once your login to an application, it maintains the session of that user so that he/she can work inside the application.
  • If that session is not maintained (via Cookie Manager in case of JMeter), then the user will be logged out of the application as soon as he/she sends the next request, which requires Authentication.
  • You can take it like this, if your application has a session or uses cookies, then your script will not work without adding cookies in cookie manager, as then your script will not be able to maintain the session and the users (Threads) will be kicked-off the application as soon as they enter into it.
  • Each JMeter thread has its cookie storage area. So, if you are testing a web site that uses a cookie for storing session information, each JMeter thread will have its session.

How do we determine, while writing a script that the website needs an HTTP Cookie Manager?

  • One way is if you know about the application (which ideally a performance tester should know) that whether the application maintains any kind of session or not.
  • This should be part of the Performance test planning and Requirement gathering sessions conducted before starting with the Performance testing.
  • So, you should gather this information beforehand either ask the Developers, QAs working with that application.
  • Another way is using any kind of developer tool like HTTPWatch, Fiddler, IE Developer Toolbar, etc. as these tools will clearly tell you what your application is using all cookies and which request requires which cookie.
  • Using the reverse methodology (this may sound a little weird, but helpful), use View Results in Tree listener in your test plan, then without adding Cookie Manager (as at this point you don't know whether you require it or not) run your script.
  • We both know that it will fail, but let it get fail. Then from the Sampler Result tab of the Tree Listener, you will get the knowledge of whether Your application is using any cookies or not? If yes, then what are the name of cookies being used?. Once you get the cookies name from there, you can add the same to your cookie manager.
  • Lastly, the Thumb rule is. If your application is having any kind of session, Authentication, then you will definitely need HTTP Cookie Manager in your JMeter script.

The following example demonstrates why we need to add the cookie manager in Tests.

  • First, Let me record one flow and then try to understand why we need to add cookie manager in tests.
  • Navigate to the given link:
  • On that page, only you will find the USername and Password, as shown below.
  • Now, Enter the Username as tomsmith and password as SuperSecretPassword! as a password and then click on the Login button.
  • Once you logged in, you can see the below image and then click on the Logout button.
  • Let us record this process by using the JMeter.
  • Launch the JMeter in your system.
  • Make sure your proxy has been set before recording the in the JMeter.
  • Right-click on the Add and then select Non-Text Element
  • Next, click on the Target controller and then select the Test Plan>HTTP(s) Script Recorder
  • And then click on the Request Filtering and add Suggested Excludes.
  • Now, click on the start button and then go to the Firefox browser and log in to the Login page by using the Username and the password.
  • Once it is logged in, then click on the Logout button and then click on the Stop button in the JMeter.
  • Now, if you check, you can see the Test scripts as below.
  • Now, to run these requests, add one Thread group to the Test Plan.
  • And then move all the test scripts to Thread Group, because you cannot run the test scripts from the script recorder, if you want to run the test script then all the test scripts must be present in the thread group only.
  • Now save the project and then add View Result Tree Listener to the Test Plan to see how the results are happening.
  • Now run the Test Plan. And you can see that all the scripts are passed, and here you can observe that the security has become the part of Authentication.
    running the-test-scripts-under-view-results-tree-jmeter
  • Do not judge whether the script is pass or fail by seeing the Green tik mark.
  • When you authenticate, then you will be logged in, as shown below.
  • Welcome to the Secure Area. When you are done, click logout below should be present in the Response body. But in the Response body, you still see the sentence before login.
  • Extend the Authentcat-81 sampler, you can see the sub sampler as shown below. When you click on the Request and Request body you can see the Username and the Password.
  • So let's fix this issue.
  • When you enter the link in the browser then one session cookie.
  • And when you enter the valid credentials to log in, then the authentication will hit the request to login but the JMeter won't store the cookies like a browser.
    The request will be:
    The credentials will be: username=tomsmith&password=SuperSecretPassword%21
    [no cookies]‚Äč
  • We can convert the JMeter to act as cookies by adding HTTP Cookie Manager.
  • Right-click on the Thread Group and then select Add-->Config Element-->HTTP Cookie Element
  • Now save and run the test and see how the results are behaving. The three more requests have been added to the view results tree.
  • If you compare old request and the new request that is after adding the HTTP Cookie Manager, the cookies have been added to all the requests.
  • Now go to the response body of authenticate-18, you will find the welcome to the secure area.
  • So This is how the HTTP Cookie Manager will help to store the session cookies in the JMeter.
Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions