[Server-devel] Populating the Moodle db with users

Martin Langhoff martin.langhoff at gmail.com
Wed Apr 21 21:03:24 EDT 2010


On Wed, Apr 21, 2010 at 8:25 PM, Ben T <benjtran at gmail.com> wrote:
> I've started on the JMeter scripts but got stuck when I try to have a thread
...
> issue ---- 'Incorrect sesskey submitted, form not accepted!'

Well, yeah, sounds right. Moodle has an XSS protection to make it
difficult for bots or malicious sw to do this kind of thing.

I am pretty sure that I've posted in a thread related to this (where
also tim hunt was posting) mentioning that the trick is to gut the
check_sesskey() function to always return true (instead of performing
the validation).

If recent moodles don't have it as an option (disable sesskey checks
for load testing / automated testing) then you should submit a patch
;-)

> checked the HTTP request that JMeter sends to the server and it does have
> the session key that I extracted from the response header after loading
> login/index.php

Yep - but it gets re-seeded in every login. So jmeter should be a tad
smarter to read the appropriate sesskey for every "client" it runs.



m
-- 
 martin.langhoff at gmail.com
 martin at laptop.org -- School Server Architect
 - ask interesting questions
 - don't get distracted with shiny stuff  - working code first
 - http://wiki.laptop.org/go/User:Martinlanghoff


More information about the Server-devel mailing list