[Server-devel] Populating the Moodle db with users
Martin Langhoff
martin.langhoff at gmail.com
Wed Apr 21 21:03:24 EDT 2010
On Wed, Apr 21, 2010 at 8:25 PM, Ben T <benjtran at gmail.com> wrote:
> I've started on the JMeter scripts but got stuck when I try to have a thread
...
> issue ---- 'Incorrect sesskey submitted, form not accepted!'
Well, yeah, sounds right. Moodle has an XSS protection to make it
difficult for bots or malicious sw to do this kind of thing.
I am pretty sure that I've posted in a thread related to this (where
also tim hunt was posting) mentioning that the trick is to gut the
check_sesskey() function to always return true (instead of performing
the validation).
If recent moodles don't have it as an option (disable sesskey checks
for load testing / automated testing) then you should submit a patch
;-)
> checked the HTTP request that JMeter sends to the server and it does have
> the session key that I extracted from the response header after loading
> login/index.php
Yep - but it gets re-seeded in every login. So jmeter should be a tad
smarter to read the appropriate sesskey for every "client" it runs.
m
--
martin.langhoff at gmail.com
martin at laptop.org -- School Server Architect
- ask interesting questions
- don't get distracted with shiny stuff - working code first
- http://wiki.laptop.org/go/User:Martinlanghoff
More information about the Server-devel
mailing list