I'm trying to upgrade to soapUI 4.5.1 but I'm running in to problems concerning the handling of Cookies. All test cases use the "Maintain HTTP session" setting since we rely in part on using the JSESSIONID cookie. In 4.0.1, each test case would get a new session without any cookies. In 4.5.1 however, the same session seems to be maintained across all test cases. Say I have two test cases, A and B. After running A, the first request sent by B will contain any cookies set by A.I can get rid of this issue by clearing out any cookies in the setup script of each test case, but that's a lot to maintain when you have hundreds of test cases.

Hi,Are you sure that this is soapUI 4.5.1, and not 4.5.0? This was a known bug in 4.5.0, but should have been fixed in 4.5.1 (I just verified this by running this issue's unit test).RegardsHenrikSmartBear Software

Could you point me to the issue that you mentioned? I'm not really sure this is the same issue.I am certain that I get this problem in 4.5.1. To verify it, I run two tests in a row and then look at the Raw request information of a step in each of the test cases. I can then see that they both send the same JSESSIONID (for example Cookie: JSESSIONID=C2434FF9BE1FF8B2AB7A34836F456879.@JVM_ROUTE@) to the server. Using 4.0.1, each test case would start a fresh session. In 4.5.0, the Raw view doesn't show all headers sent, so I can't determine the behavior using this approach.

I observed also HTTP session is no longer properly maintained in recent versions of soapUI. I tested with 4.5.1 and the latest nightly build, all with the same results.There seems to be one HTTP session shared by all threads. I created a testcase (attachment) to demonstrate this behavior. I checked "Maintain HTTPS Session".I created a webservice that creates a session. Subsequent calls report the number of times this particular session has been used. This public service is (temporary) available at http://d4cca2c7.cm-2.dynamic.ziggo.nl:8 ... ount_calls. If you call it in a browser the behavior can be checked by using <F5>. I call this service twice in the testcase: the first time the times_uses should be 0, the second time is should be 1. The single testcase is successful, but the loadtest with multiple threads fails big time! The same session cookie is used for all calls by all threads. A small improvement can be made by dropping the cookie in the first test step, but I don't think that should be necessary.

Hi, could you post the setup script to clear the cookies? I'm having the same issue.Thanks in advance.EDIT - Never mind, I found the code inside your test case

This issue was already posted here (4.5.0):viewtopic.php?t=13382

Session/Cookie handling bug in soapUI 4.5.1

mannyvel
Occasional Contributor
12 years ago
This also happens in LoadUI, which apparently uses SoapUI underneath.

The good thing is that you can check for this by saving off the JSESSIONID value in the context after you get a session, then using a script between each step to compare the value of JSESSIONID to your stored value. If it doesn't match, you can try and force JSESSIONID back to the old one or just jump to your logout handler, or both.

This isn't ideal, but it mostly works.

I'm curious if this happens in the Pro version. Are there people who paid $10k for a tool (load ui pro) that can't handle sessions correctly?
mannyvel
Occasional Contributor
12 years ago
As a note, checking for the JSESSIONID by hand doesn't work. Next thing I'm going to try is turning off session support and just using cookies directly.
mannyvel
Occasional Contributor
12 years ago
Just verified that the same bug occurs in SoapUI Pro 4.5.1.

This is a simple testcase with 4 calls:

login/http
login/amf
search/amf
logout/http

There are two threads in the loadtest, with 1 run per thread.

This is what I see (from the Charles proxy). The second cookie is never used. I see from psiprobe that that other session is an anonymous session, hanging out on the server waiting to expire.

Request
POST /MY_APP/j_spring_security_check?j_username=testuser1&j_password=testpassword&submit=login HTTP/1.1
Response 1
Set-Cookie JSESSIONID=7E2EF24479D172EE9AE066D75B5F3AAC; Path=/MY_APP
Request 2
POST /MY_APP/j_spring_security_check?j_username=testuser2&j_password=testpassword&submit=login HTTP/1.1
Response 2
Set-Cookie JSESSIONID=C9D3A808721A6B9D3421737FD4EEE7FD; Path=/MY_APP
Request 3
Cookie JSESSIONID=C9D3A808721A6B9D3421737FD4EEE7FD
Request 4
Cookie JSESSIONID=C9D3A808721A6B9D3421737FD4EEE7FD
Request 5
Cookie JSESSIONID=C9D3A808721A6B9D3421737FD4EEE7FD
Request 6
Cookie JSESSIONID=C9D3A808721A6B9D3421737FD4EEE7FD
Request 7
GET /MY_APP/j_spring_security_logout HTTP/1.1
Cookie JSESSIONID=C9D3A808721A6B9D3421737FD4EEE7FD
Request 8
GET /MY_APP/j_spring_security_logout HTTP/1.1
Cookie JSESSIONID=C9D3A808721A6B9D3421737FD4EEE7FD

I noticed that the user-agent is:

User-Agent Apache-HttpClient/4.1.1 (java 1.5)

My local java is:

java version "1.6.0_45"
Java(TM) SE Runtime Environment (build 1.6.0_45-b06-451-11M4406)
Java HotSpot(TM) 64-Bit Server VM (build 20.45-b01-451, mixed mode)
mannyvel
Occasional Contributor
12 years ago
Since sessions work fine when you run only test at a time, you can bypass the session bug by spawning multiple testrunners from a driver shell script and parameterizing in the script.

You won't get the fancy graphs, but you can log the data and use excel, etc to make graphs.

I haven't heard anything definitive, but apparently sessions aren't supported in load tests, even in the pro version.
mannyvel
Occasional Contributor
12 years ago
Apparently the session is preserved in test cases now (4.5.2). Time to download it and see!
mannyvel
Occasional Contributor
12 years ago
In 4.5.2, session cookies don't persist across different types of calls.

Call 1: HTTP POST
response: set-cookie
Call 2: AMF POST
request: no cookie present
Call 3: HTTP GET
request: cookie is present

The cookie should be set after call 1, but it's not present in call #2. It is present in call #3. This used to work in 3.5.1. HTTP session is checked, AMF session is not checked.
lucky66
11 years ago
I have a testsuite that contains several login steps for different certificates..when run the test individually the test will pass sucessfully but when run in a suite the tests are failing.
The problem here is when second certficate login step executing, the first certificate is tryin to login and in response getting first certificate response.
How to expire the first login before execute the next login? or is there any other approach?

Forum Discussion

Session/Cookie handling bug in soapUI 4.5.1

Related Content

Maintain HTTP Session: Should pass cookies to following request

How does SoapUi handles 307 redirections ?

Handling Inconsistent popups

Reusable assertions for REST error handling in SoapUI

Error handling Test Case Execution

Recent Discussions

Facing Issues with Edge Computing and SmartBear ReadyAPI 3.x – Any Advice?

Faulting module name: MSVCP140.dll

How Does Edge Computing Integrate with IoT Devices and Affect Data Processing?

Create Selenium Tests in ReadyAPI

Dynamic array for the field within request node