[OpenSTA-devel] Management of persistent cookies - Remote recording mode and HTTPS
Brought to you by:
dansut
Menu
▾
▴
[OpenSTA-devel] Management of persistent cookies - Remote recording mode and HTTPS
|
From: Thierry B. <thi...@ke...> - 2005-01-06 17:06:59
|
Hi,
I noted something of strange in the management of the persistent cookies
by OpenSTA during the capture of HTTPS session with remote recording mode.
I use Mozilla or Firefox as browser to record my script but in fact the
cookies stored by IE are used. Moreover, the resources returned by the
Web server (HTTPS responses) are placed in the IE cache and the Firefox
cache. The persistent cookies generated during HTTPS session are
recorded by the mechanism of IE and are not recorded by Mozilla or
Firefox. The session cookies are recorded only by Mozilla or Firefox.
The HTTPS session contains redirections and basic HTTP authentication.
For HTTP sessions, the IE cache is not used but the persistent cookies
are recorded by IE and Firefox.
The cookies stored by IE are also used.
The modeler is configured with browser IE6 but as I am in remote mode,
does the browser have an importance?
Anyway, it is the only browser in the list which is installed on my system.
I think that the problem in the management of the cookies of Firefox is
related to the rewriting of HTTPS URLs.
There is no correspondence between the URL seen by the browser
http://{www.toto.net and the domain of the cookie www.toto.net.
Apparently the rewriting of URLs HTTPS generates many problems (known
bugs).
Perhaps that the question was already discussed, but which is the reason
of the choice of this solution to manage
HTTPS sessions, apart from having only one listening port (browser side)
for the gateway ?
Which would be the difficulty to develop a solution without rewriting
i.e. to preserve the URLs https:// in the browser?
That would make it possible to use the browser in a more real way.
Dan, since you worked much on the gateway and the rewriting of HTTPS
URLs, do you have an opinion?
The gateway (gwhttp.dll) is based on wininet.dll.
Is this the reason of the interferences with the mechanisms of IE (cache
and cookie) which I noted?
If the gateway is much based on the Windows layers, that will be more
difficult to port it on other systems.
Is it necessary to plan to completely rewrite it?
Here the detail of the successive steps of my tests:
System Configuration :
Windows XP Pro SP2
OpenSTA 1.4.2.34
IE 6 SP2
Mozilla Firefox 1.0
Mozilla 1.6
Script Modeler Configuration :
Browser = Internet Explorer 6
Gateway remote
Automatic Cookie Generation
**** HTTPS Session recorded with Firefox ****
1) IE : no cookie and cache empty ; Firefox : no cookie and cache empty
Script recording without creation of persistent cookie
=> No static cookie (like CONSTANT S_cookie_1_0 = "...") in
the script
Temporary files in IE cache and Firefox cache
2) IE : one persistent cookie (for the web server used,
tbo...@ww...) and cache empty ; Firefox : no cookie and cache empty
Script recording without creation of persistent cookie
=> One static cookie in the script with the same value than the IE
persistent cookie
Temporary files in IE cache and Firefox cache
3) IE : no cookie and cache empty ; Firefox : no cookie and cache empty
Script recording without creation of persistent cookie
=> No static cookie in the script
Temporary files in IE cache and Firefox cache
4) IE : no cookie and cache empty ; Firefox : no cookie and cache empty
Script recording with creation of persistent cookie
=> No static cookie in the script
Temporary files in IE cache and Firefox cache
Persistent cookie recorded by IE (tbo...@ww...) and
not by Firefox
Script recording without creation of persistent cookie
=> One static cookie in the script with the same value than the IE
persistent cookie
Temporary files in IE cache and Firefox cache
5) IE : no cookie and cache empty ; Firefox : no cookie and cache empty
Script recording without creation of persistent cookie
=> No static cookie in the script
Temporary files in IE cache and Firefox cache
6) IE : no cookie and cache empty ; Firefox : one persistent cookie for
www.toto.net and cache empty
Script recording without creation of persistent cookie
=> No static cookie in the script
Temporary files in IE cache and Firefox cache
**** HTTP Session recorded with Firefox ****
1) IE : no cookie and cache empty ; Firefox : no cookie and cache empty
Script recording with creation of persistent cookie
=> No static cookie in the script
Temporary files only in Firefox cache
Persistent cookie recorded by IE (tbo...@go...) and by
Firefox (google.com), same value
2) IE : one persistent cookie (for the web server used
tbo...@go...) and cache empty ; Firefox : no cookie and cache empty
Script recording with creation of persistent cookie
=> One static cookie in the script with the same value than the IE
persistent cookie
Temporary files only in Firefox cache
No persistent cookie created because no server demand
3) IE : no cookie and cache empty ; Firefox : no cookie and cache empty
Script recording with creation of persistent cookie
=> No static cookie in the script
Temporary files only in Firefox cache
Persistent cookie recorded by IE (tbo...@go...) and by
Firefox (google.com), same value
4) IE : no cookie and cache empty ; Firefox : one persistent cookie for
google.com and cache empty
Script recording with creation of persistent cookie
=> One static cookie in the script with the same value than the
Firefox persistent cookie
Temporary files only in Firefox cache
No persistent cookie created because no server demand
5) IE : one persistent cookie for tbo...@go... and cache empty
Firefox : one persistent cookie for google.com (same value than IE)
and cache empty
Script recording with creation of persistent cookie
=> One static cookie in the script with the same value than the IE
and Firefox persistent cookie
Temporary files only in Firefox cache
No persistent cookie created because no server demand
Thierry
Thierry Boullet
www.kereval.com
|
