Hi, It appears that HTTP cookie manager allows cross domain cookies, which is different to the behaviour of the browsers. I'm writing a test for an application, which is using Identity Management platform with cross domain single sign on. The chain of event is the following:
111.com - website domain 222.com - identity management domain (different to the first domain) 1. Login page on 111.com - sends request to 222.com with the entered user credentials. 222.com sets cookies with authentication information for both 222.com, and 111.com and redirects back to 111.com 2. Since it's a different domain, the cookie for 111.com isn't set, so it has to do a couple of redirects to check if the user is authorised to see the page and only then returns the page. That's how it works in the browser. In JMeter I can clearly see that at the step 2 cookies for domain 111.com are passed through and the requested page is returned straight away. I tried different "Cookie policy" settings, didn't help. I don't think that's how it supposed to work, can anyone comment on that? I'm using JMeter 2.3.2, "HTTP Request" sampler with "Follow redirects" and "Redirect automatically" turned off. Cheers, Leo Sensis. Helping you find, buy and sell. www.sensis.com.au - www.yellow.com.au - www.whitepages.com.au - www.citysearch.com.au - www.whereis.com.au - www.tradingpost.com.au Sensis cares for the environment - think before you print. This email and any attachments are intended only for the use of the recipient and may be confidential and/or legally privileged. Sensis Pty Ltd disclaims liability for any errors, omissions, viruses, loss and/or damage arising from using, opening or transmitting this email. If you are not the intended recipient you must not use, interfere with, disclose, copy or retain this email and you should notify the sender immediately by return email or by contacting Sensis Pty Ltd by telephone on [+61 3 8653 5000]
