Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Backslashes included in sessionid when using URLRewritingModifier #2097

Closed
asfimport opened this issue Apr 11, 2008 · 8 comments
Closed

Backslashes included in sessionid when using URLRewritingModifier #2097

asfimport opened this issue Apr 11, 2008 · 8 comments
Labels
os: Linux P2

Comments

@asfimport
Copy link
Collaborator

Jens Hoffrichter (Bug 44807):
Hello,

When trying to load-test an AJAX heavy web application I ran into the following error:

At some point during my test plan my sessionid was replaced by the sessionid followed by a backslash.

After a bit of digging I found out that this occurred when there was JavaScript of the following type in the page:

sessionidvar = '<sessionidvalue>'; (for being used in an XMLHttpRequest)

I just added the backslash to the "terminating" characters for a normal sessionid (as I don't believe that it would be part of a sessionid anyway), and it worked just fine.

I include the patch to URLRewritingModified.java in here.

Regards,
Jens

Created attachment URLRewritingModifier_Backslash.patch: Patch to fix the mismatching session id

URLRewritingModifier_Backslash.patch 
diff -Nur jakarta-jmeter-2.3.1/src/protocol/http/org/apache/jmeter/protocol/http/modifier/URLRewritingModifier.java jakarta-jmeter-2.3.1.fixed/src/protocol/http/org/apache/jmeter/protocol/http/modifier/URLRewritingModifier.java
--- jakarta-jmeter-2.3.1/src/protocol/http/org/apache/jmeter/protocol/http/modifier/URLRewritingModifier.java	2007-11-28 14:11:41.000000000 +0100
+++ jakarta-jmeter-2.3.1.fixed/src/protocol/http/org/apache/jmeter/protocol/http/modifier/URLRewritingModifier.java	2008-04-11 16:00:18.475721127 +0200
@@ -169,7 +169,7 @@
 
 		parameterRegexp = JMeterUtils.getPatternCache().getPattern(
                 // ;sessionid=value
-				"[;\\?&]" + quotedArg + "=([^\"'>&\\s;]*)[&\\s\"'>;]?$?" +  // $NON-NLS-1$
+				"[;\\?&]" + quotedArg + "=([^\"'>&\\s;\\\\]*)[&\\s\"'>;]?$?" +  // $NON-NLS-1$
                 
                 // name="sessionid" value="value"
                 "|\\s[Nn][Aa][Mm][Ee]\\s*=\\s*[\"']" + quotedArg

Severity: normal
OS: Linux
@asfimport
Copy link
Collaborator Author

Sebb (migrated from Bugzilla):
I tried adding a test for this, but the test failed with your patch.

What is the surrounding context for the assignment?

@asfimport
Copy link
Collaborator Author

Jens Hoffrichter (migrated from Bugzilla):
Some of the initial assumptions were wrong, I admit :)

I thought that is was because of a session variable passed in along JavaScript, but after some debugging I found out that it was because of a complete URL passed along in JavaScript (probably for a redirect), quote in single quotes, which posed the problem.

So if something like this in the response, the URLRewritingModifier might cause a problem:

newurl = '/index.html?sessionid=blabla';

I have created a unittest for that (testGrabSessionIdURLinJSON), and updated my patch to include the unit test.

Without my patch, the unit test fails, with the patch, it runs fine.

I hope this will help you to resolve the issue.

Regards,

Jens

@asfimport
Copy link
Collaborator Author

Jens Hoffrichter (migrated from Bugzilla):
Created attachment URLRewritingModifier_Backslash_incl_Unittest.patch: Updated patch for session id parsing, including unittest

URLRewritingModifier_Backslash_incl_Unittest.patch 
diff -Nur jakarta-jmeter-2.3.1/src/protocol/http/org/apache/jmeter/protocol/http/modifier/URLRewritingModifier.java jakarta-jmeter-2.3.1.fixed/src/protocol/http/org/apache/jmeter/protocol/http/modifier/URLRewritingModifier.java
--- jakarta-jmeter-2.3.1/src/protocol/http/org/apache/jmeter/protocol/http/modifier/URLRewritingModifier.java	2007-11-28 14:11:41.000000000 +0100
+++ jakarta-jmeter-2.3.1.fixed/src/protocol/http/org/apache/jmeter/protocol/http/modifier/URLRewritingModifier.java	2008-04-16 17:04:24.303335891 +0200
@@ -169,7 +169,7 @@
 
 		parameterRegexp = JMeterUtils.getPatternCache().getPattern(
                 // ;sessionid=value
-				"[;\\?&]" + quotedArg + "=([^\"'>&\\s;]*)[&\\s\"'>;]?$?" +  // $NON-NLS-1$
+				"[;\\?&]" + quotedArg + "=([^\"'>&\\s;\\\\]*)[&\\s\"'>;]?$?" +  // $NON-NLS-1$
                 
                 // name="sessionid" value="value"
                 "|\\s[Nn][Aa][Mm][Ee]\\s*=\\s*[\"']" + quotedArg
diff -Nur jakarta-jmeter-2.3.1/test/src/org/apache/jmeter/protocol/http/modifier/TestURLRewritingModifier.java jakarta-jmeter-2.3.1.fixed/test/src/org/apache/jmeter/protocol/http/modifier/TestURLRewritingModifier.java
--- jakarta-jmeter-2.3.1/test/src/org/apache/jmeter/protocol/http/modifier/TestURLRewritingModifier.java	2007-11-28 14:09:49.000000000 +0100
+++ jakarta-jmeter-2.3.1.fixed/test/src/org/apache/jmeter/protocol/http/modifier/TestURLRewritingModifier.java	2008-04-16 17:05:33.423309105 +0200
@@ -177,6 +177,21 @@
 			}
 		}
 
+    public void testGrabSessionIdURLinJSON() throws Exception {
+			String html = "/index?param1=bla&sessionid=xyzxyzxyz\\'";
+			response = new SampleResult();
+			response.setResponseData(html.getBytes());
+			mod.setArgumentName("sessionid");
+			HTTPSamplerBase sampler = createSampler();
+			sampler.addArgument("sessionid", "xyzxyzxyz");
+			context.setCurrentSampler(sampler);
+			context.setPreviousResult(response);
+			mod.process();
+			Arguments args = sampler.getArguments();
+			assertEquals("xyzxyzxyz", ((Argument) args.getArguments().get(0).getObjectValue())
+					.getValue());
+		}
+
         public void testCache() throws Exception {
             String[] html = new String[] { 
                     "<input name=\"sid\" value=\"myId\">",

@asfimport
Copy link
Collaborator Author

Sebb (migrated from Bugzilla):
Can you provide a full URL showing the problem?

If necesary, change the host etc to anonymise the URL.

No need for a new test case, I can adjust as necesssary.

@asfimport
Copy link
Collaborator Author

Jens Hoffrichter (migrated from Bugzilla):
I'm not entirely sure (the page is quite long, it is hard to read.....), but I think the following line is the "offender":

<a href="#" onclick="$('mailpreview_iframe').src='/webmail/mail_download/?preview=1&fldr=INBOX&id=2&partid=1&mediatype=TEXT%2FPLAIN&encoding=7BIT&charset=us-ascii&textpreview=1&tempid=HUDXReOOE2y2QS2m';" title="Textnachricht anzeigen">

Regards,
Jens

@asfimport
Copy link
Collaborator Author

Sebb (migrated from Bugzilla):
I assume you are lookig for "tempid" here?

@asfimport
Copy link
Collaborator Author

Jens Hoffrichter (migrated from Bugzilla):
Yes, exactly. That is the session identifier.

It is configured as that, without any extra options except "cached" set on in the URLRewritingModifier.

Regards,
Jens

@asfimport
Copy link
Collaborator Author

Sebb (migrated from Bugzilla):
OK, thanks for the patch.

I've added it to SVN:

http://svn.apache.org/viewvc?rev=648901&view=rev

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
os: Linux P2
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@asfimport