Thanks for the pointer!! I just found the file -- /var/www/moodle/web/lib/moodlelib.php<div>changed confirm_sesskey() to return true</div><div><br></div><div>Just ran my JMeter script with 5 threads and they all posted to the forum at the same time, each with its own random string =D</div>
<div><br></div><div>I'll be sure to add my scripts to <a href="http://moodle.org">moodle.org</a> when I'm done with them.</div><div><br></div><div>Thx!</div><div>Ben</div><div><br><div class="gmail_quote">On Wed, Apr 21, 2010 at 6:03 PM, Martin Langhoff <span dir="ltr"><<a href="mailto:martin.langhoff@gmail.com">martin.langhoff@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><div class="im">On Wed, Apr 21, 2010 at 8:25 PM, Ben T <<a href="mailto:benjtran@gmail.com">benjtran@gmail.com</a>> wrote:<br>
> I've started on the JMeter scripts but got stuck when I try to have a thread<br>
</div>...<br>
<div class="im">> issue ---- 'Incorrect sesskey submitted, form not accepted!'<br>
<br>
</div>Well, yeah, sounds right. Moodle has an XSS protection to make it<br>
difficult for bots or malicious sw to do this kind of thing.<br>
<br>
I am pretty sure that I've posted in a thread related to this (where<br>
also tim hunt was posting) mentioning that the trick is to gut the<br>
check_sesskey() function to always return true (instead of performing<br>
the validation).<br>
<br>
If recent moodles don't have it as an option (disable sesskey checks<br>
for load testing / automated testing) then you should submit a patch<br>
;-)<br>
<div class="im"><br>
> checked the HTTP request that JMeter sends to the server and it does have<br>
> the session key that I extracted from the response header after loading<br>
> login/index.php<br>
<br>
</div>Yep - but it gets re-seeded in every login. So jmeter should be a tad<br>
smarter to read the appropriate sesskey for every "client" it runs.<br>
<div><div></div><div class="h5"><br>
<br>
<br>
m<br>
--<br>
<a href="mailto:martin.langhoff@gmail.com">martin.langhoff@gmail.com</a><br>
<a href="mailto:martin@laptop.org">martin@laptop.org</a> -- School Server Architect<br>
- ask interesting questions<br>
- don't get distracted with shiny stuff - working code first<br>
- <a href="http://wiki.laptop.org/go/User:Martinlanghoff" target="_blank">http://wiki.laptop.org/go/User:Martinlanghoff</a><br>
</div></div></blockquote></div><br></div>