Load Testing a Website that Requires a Login and Password
When you go to your favorite online shopping destination to order that sweet new pair of winter gloves or the latest video game for the holidays, what’s one of the first things you need to do?
Typically, you need to login to your account. Now, we know some people save their passwords and logins, but the login authentication is still an important step for every developer and operations engineer out here maintaining these websites and apps.
If the engineers behind an e-commerce site are paying attention, they’ve included that login authentication in their load tests. That way, a rush of people logging into their website doesn’t burn everything to the ground. (Figuratively, not literally — we hope)
E-commerce companies have been an important part of Load Impact’s user base for years, so we fully understand the importance of load testing the authentication process before the “Black Friday” season.
Here’s some information on the type of authentication we support in load testing scripts and how you can do it today. And if you haven’t included this step yet, we recommend you do it today!
Login using HTTP POST
Many sites let users login by entering their username and password in input fields of a form that is then POST:ed to the web server.
Load Impact supports HTTP POST operations, which means you may edit your load script and provide the login credentials (username/password) in a POST operation.
When the server gets the right login credentials through this POST operation, it sets a session cookie in your browser.
The session cookie is used for all future communications with the web server, authenticating you as a logged-in user.
Load Impact automatically sets cookies when asked to by the server, so accessing pages as a logged-in user works fine if you just make sure your load script performs that initial POST operation.
More information:
Basic HTTP Authentication
Basic HTTP Authentication is a method where the server will only honor requests if they contain a special HTTP header (the “Authorization:” header) where the client has to place the login credentials (username and password) that are to be used to gain access to the site or page.
Load Impact supports Basic HTTP Authentication by the use of URLs in this format:
If you use URLs of that format, include the username and password to be used when accessing the site/page and requests will automatically get the “Authorization:” header with the correct data in them.
We also allow HTTP request headers to be specified for each transaction, so it’s possible to create the data for the “Authorization:” header in the load script code and then add the header to each request.
http.request({
method=”GET”,
url=”http://example.com/",
headers={ [“Authorization”]= ‘Basic ‘ + base64.encode(username + ‘:’ + password) }
})
And if you’re looking for some more helpful hints, check out our Support documentation on these related topics.
