The web application I am load testing is written in Java. Apache is the web server, WebLogic the web container. We are using SiteMinder for user authentication. First I will describe the scenario: 1. Send HTTP Request to login user. Siteminder logs user in successfully and sends a FORMCRED cookie back to the client. 2. The second HTTP Request to any page on the site works successfully. It sends back the FORMCRED cookie to the server. SiteMinder picks up the FORMCRED cookie, validates it and sets it to null (or empty string) and sends back a SMSESSION cookie. 3. The third and all subsequent requests then send SMSESSION cookie to the server. They dont send the FORMCRED cookie anymore since it is now null. This is how IE and Netscape work when sending cookies to the server. Neither of them send cookies with null value back to the server. JMeter, on the other hand, sends all cookies back to the server even if they have been nulled out. So, on the third request JMeter sends FORMCRED back to the server. SiteMinder sees it and tries to validate it. Since FORMCRED is null (or empty string), SiteMinder kicks the user back to the login page. Thus my test case fails when I run it in JMeter. I fixed this issue my modifying org.apache.jmeter.protocol.http.control.CookieManager.java file. I modified the public void add(Cookie) method. Below is my modification: /** * Add a cookie. */ public void add(Cookie c) { /** My Modification Start */ if (c.getValue() == null || c.getValue().equals("")) { removeCookieNamed(c.getName()); } /** My Modification End */ else { JMeterContext context = getThreadContext(); getCookies().addItem(c); if (context.isSamplingStarted()) { context.getVariables().put(c.getName(), c.getValue()); } } } I am not sure if I have fixed a bug or if the bug is in SiteMinder since it should be reading FORMCRED if it is null. Either way, I wanted to submit my modification and let you decide if you want to put it into JMeter. Nizar Noorani Consultant, Tallan, Inc. noorani_786@yahoo.com
Thanks for the report. Did a bit of searching in RFCs etc and it does look as though cookies with null/empty values are not supposed to be sent. However, just in case the original behaviour is valid in some circumstances, the cookie is only deleted if the proporty "CookieManager.delete_null_cookies" not set to false (i.e. the default is true). This change has been applied to the 2.0 branch.
This issue has been migrated to GitHub: https://github.com/apache/jmeter/issues/1510