how to keep session and CSRF token in locust test

Question

I wan't to test my django web app with locust.io. In a form I have a problem with CSRF token. I do the following:

class WebsiteTasks(TaskSet):
    def on_start(self):
        print("On start")

    @task
    def post_answer(self):
        self.client.get("/polls/2/vote")
        self.client.post("/polls/2/vote/", {"choice": "8"})

Why do I get a 403 error? That the post is forbidden, the locust documentation says that the client objects keeps the session alive..

sax · Accepted Answer · 2014-12-06T22:59:31.100

22

change your code as:

@task
def post_answer(self):
    response = self.client.get("/polls/2/vote")
    csrftoken = response.cookies['csrftoken']

    self.client.post("/polls/2/vote/", 
                     {"choice": "8"}, 
                     headers={"X-CSRFToken": csrftoken})

edited Dec 06 '14 at 22:59

answered Dec 06 '14 at 21:25

sax

3,708
19
22

This will failed on flask-wtf I think. Should I parse the "session=...." to get csrftoken in flask? – jiamo Apr 01 '16 at 15:48
you also need to send the token in cookies – slajma Mar 12 '21 at 16:44

score 5 · Answer 2 · answered May 13 '16 at 03:55

I ran into this problem running a Locust test against Django 1.8.5 and it required adding the csrf token to the cookies, headers, and form POST data as well like below in order to not get caught up with a 403. Something like:

@task
def post_answer(self):
    response = self.client.get("/polls/2/vote")
    csrftoken = response.cookies['csrftoken']

    self.client.post("/polls/2/vote/", {"choice": "8",
                     "csrfmiddlewaretoken": csrftoken}, 
                     headers={"X-CSRFToken": csrftoken},
                     cookies={"csrftoken": csrftoken})

how to keep session and CSRF token in locust test

2 Answers2