For automated test scripts, in practical terms, it means that the application has associated some information or data which is specific to a particular user session. A context has been established.
When a user logs into an application, the application may assign a session id to a particular user. The session id is managed by the server and the client so that the user does not need to know anything about the session id. When the server receives a message, it uses the session id to identify which user it has received a message from. Knowing who the user is can be used for many activities such as:
1. Ensuring the user is allowed to access a screen or data item
2. Identify which data is pertinent to a particular user
3. Log an audit trail of data and application usage
When generating an automated test script, the first step is to record the automation. This collects all relevant information exchanged between the client and the server, including session ids. Interestingly, by default, most of the major test tools encrypt the password that is captured during a recording session. For example, with Loadrunner, ‘password’ could become ‘4a49e9ac50ecbc528a311ce9’
If the performance tester were to attempt to play back the recorded script, it would most likely fail. The recorded session id would no longer be valid. When a request was received by the server, it would determine that the session id had expired and was no longer valid and therefore would decline the request.
In order for the script to work, the performance tester needs to correlate the session id. The first thing to do is to find the session id in the log. An example of what a sessionid looks like follows:
The recorded value will differ from the value returned to the automated test script on first playback. Hopefully, the length of the session id will remain constant. It may take some searching to find, but careful study of a detailed log will eventually yield the session id.
The session id then needs to be captured. All of the major test tools allow for capturing of returned strings as part of correlation. An example below shows part of a buffer trace, and the Loadrunner command to capture the session id.