AgileLoad Session Identifier Management
Session Identifiers are used by the application to uniquely identify a client browser, while background (server-side) processes are used to associate the session identifier with a level of access. Thus, once a client has successfully authenticated to the web application, the session identifier can be used as a stored authentication voucher so that the client does not have to retype their login information with each page request.
Application developers have three methods available to them to both allocate and receive session ID information:
Session ID as Variables:
A variable is a Form variable if it is specified:
- In an HTTP GET request, after a '?' character and right delimited by the '&' character or by the end of URL.
- In an HTTP POST request body, delimited by the '&' character or the end of body.
Session ID information can be stored within the fields of a form and submitted to the application. Typically the session ID information would be embedded within the form as a hidden field and submitted with the HTTP GET or POST command.
Embedded within the HTML page:
<FORM METHOD=GET ACTION=”/fmstocks/home.php”>
<INPUT TYPE=”hidden” NAME=”sessionid” VALUE=”a2u5634-345FKED545434”>
<INPUT TYPE=”hidden” NAME=”allowed” VALUE=”true”>
Sent by the browser when the previous form is submitted:
Non form variables
A variable is a non form variable if it is specified in an HTTP GET request and has a left delimiter different than '?' and a right delimiter different than '&'.
Session ID information embedded in the URL, which is received by the application through HTTP GET requests when the client clicks on links.
The session ID is a folder in the URL path (enclosed between two '/' characters)
Each time a client web browser accesses content from a particular domain or URL, if a cookie exists, the client browser is expected to submit any relevant cookie information as part of the HTTP request. Thus cookies can be used to preserve knowledge of the client browser across many pages and over periods of time. Cookies can be constructed to contain expiry information and may last beyond a single interactive session. Such cookies are referred to as “persistent cookies”, and are stored on the browser client's hard-drive in a location defined by the particular browser or operating system (i.e. c:\documents and settings\clientname\cookies for Internet Explorer on Windows XP). By omitting expiration information from a cookie, the client browser is expected to store the cookie only in memory. These “session cookies” should be erased when the browser is closed.
Remark: Session Cookies are Automatically Managed by AgileLoad.
AgileLoad scripts containing
session identifiers included in URLs or in Form flelds need to be
modified in order to be replayed.
The static values of the different session IDs written in the script during the recording must be replaced by variables. The new session ID values must be dynamically assigned to those variables.
This section presents the three ways offered by AgileLoad to manage sessions IDs:
Copyright © AgileLoad. All rights reserved.