Response variables

We just added support for response variables in load tests. can now parse the HTTP header responses from your website, and you can use the value of these headers in subsequent test requests.

Using variables, you can now run a test that logs in to your website even when you have cross-site request forgery (CSRF) protection enabled. has always supported cookie-based sessions, but previously you could only log in against sites that didn’t use CSRF protection. When CSRF is enabled, any forms on your web page will have a unique token as a hidden form field. The web client must send this token alongside the other form fields or the server will refuse to process the form. Web frameworks like Rails and Django have CSRF enabled by default. Until variable support, you weren’t able to send back the CSRF token needed for login.

You’ll need to configure your web application to put the CSRF token in the header so that can capture it into a variable. For example, for the application in the Ruby on Rails Tutorial, add a line to the SessionsController#new method in app/controllers/sessions_controller.rb:

class SessionsController < ApplicationController
  def new
    response.headers['X-Csrf-Token'] = form_authenticity_token

This adds a new response header called X-Csrf-Token which contains the CSRF token.

When defining your test, you’ll need to initially do a GET on the URL that contains your login web form, and define a variable (let’s call it csrf) associated with the X-Csrf-Token header. You’ll then need to do a POST against the URL that processes the login credentials. In addition to the login and password fields, you must add an additional field that corresponds to the CSRF token. Rails calls this field “authenticity_token”. It should be set to the value {{csrf}} where the double braces indicate that this is a variable name. Your test definition would look something like this:

Defining and using variables

Processing CSRF tokens is just one possible application of variables. Check out the docs for more details on how to use variables in your tests.