Hi,
I have a rather special issue with https and session cookies.
In the JMeter test plan I use http (without SSL) despite the server
uses https. I use stunnel4 as external TLS/SSL enabler. I'm doing this
for two reasons:
a) JMeter has certificate checking disabled and accepts any invalid
certificate. But I need this security.
b) Enabling https in the JMeter sampler causes high CPU load and
results in low performance. I guess the reason lies in the crypto
library implementation of the openjdk-re. However, using stunnel gives
a significant performance boost.
But the web server is setting a session cookie with the “secure” flag
set, forbidding the cookie to be send over an insecure connection.
Since the JMeter test plan uses http only, the cookie doesn't get send
on subsequent requests and the rest of the test fails.
Is there any way, e.g. by a bean shell script, to remove the “secure”
flag from cookies and convince the cookie manager to send the cookies
over insecure connections? Any other ideas how to solve this problem?
Best regards,
@
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
