captain holly java blog

how to use Apache Bench (ab) to test a page that requires login

Posted in tomcat, Uncategorized by mcgyver5 on September 10, 2009

ab is a tight and effective tool for load testing web applications. It comes with every install of apache httpd.
If a page is behind a login screen, you can use the -p flag to define a file that contains post variables for login and password:

C:\Apache2.2\bin>ab -p C:\posts\post.txt -T application/x-www-form-urlencoded -n
1000 -c 22 http://myServer/myapplication:8008/CentralCashier/

If a page is only accessible by a logged in user, not directly accessible from the login page, then you can use the -C flag to define a cookie. You have to get the value of the session identifier cookie from a valid session. Use a proxy like Webscarab or Paros to capture a request and copy the JSESSIONID=xxxxx from the request and use it with ab:

C:\Apache2.2\bin>ab -C JSESSIONID=36D5AE14223E1D4ED0B2BBC5C7F411EA -n 1000 -c 22 http://myServer/myapplication:8008/CentralCashier/

Alternatively, you can just turn off the authentication filter for the purposes of your test.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: