Each of my application's POST request needs to extract a CSRF token from its page. These POST requests are made either via normal Forms or via Multipart/Form-Data type forms. Now, when I define this variable extractor as a POST parameter in a Multipart/Form-Data type form, it successfully extracts the CSRF token through a regular expression. But when I define a variable extractor to extract the a similar CSRF token as a POST parameter in a normal form, Neoload doesn't seem to be able to extract the CSRF token, at least not in the variable extractor box (it's still able to extract when I validate the user path). You can see in attachment 'form.png' (my second attachment), the variable extractor box says <NOT FOUND>, while in 'multiform.png' (my first attachment), it shows the extracted CSRF token.
Again, the weird thing is that Neoload is able to extract the CSRF token when it validates the user path, irrespective of whether it is in a multipart form or a normal form. But why doesn't the extracted content show up when I define the variable extractor in a form, as opposed to a multipart form? Does Neoload handle variable extractors defined in multipart forms differently than the ones defined in normal forms?
I am concerned with this since when I run a load test scenario, Neoload gives a 403 error on all CSRF variable extractors defined on normal forms. We had the same error code when we were running each user path individually, but adding the CSRF token extractor resolved it. Now when I run a whole scenario of multiple user paths, I can see the 403 error at every user path which uses a variable extractor as a POST parameter in a normal form. I am suspecting this has something to do with the extracted content not showing up in the variable extractor box.
Any help or pointers would be appreciated. Thanks!
It's difficult to provide affirmative feedback on such issue without seeing your project. So i'm going to guess and i'm sorry if it's not relevant in your context.
That being said looking at your screen shot the extractor that is not working is based on the response of the "/" request. You should look at the response of that request and check if you can find your CRSF value. Maybe the format of the value is different from the one that should be re-used and that may explain why NeoLoad can't find it.
Anyway, for such value i would suggest you to manually extract it and create a framework parameter so it can be easily applied on any of your user paths and/or for any futur recordings.