Performance Testing Secured Web Site
https://stackoverflow.com/questions/8301589
-
25-10-2019 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
How is the community handling performance testing of their secured web areas? We don't particularly have a public facing web site, thus users have to be logged into be able view data / access the system. To further complicate matters, we can not allow users to be logged in multiple times -- if you attempt to login a second time your first session is invalidated. We could turn this feature off (as well as second-level caching), but then we are testing a system which is inherently different from production.
What methodologies should we look into to stress test our application?
Our developers are pretty proficient with Java and Python.
Solution
Good question.
Normally we'd use something like Selenium to automate a web-browser talking to the web application itself. This is a system-level approach, and has several advantages:
- You are measuring the performance of client-browser too
- You can see (to some extent) if the site performs better or worse in different browsers
- It is compatible with techniques which do not lend themselves to "raw" web driver programs like ApacheBench
Of course it can take a large amount of work to create automated tests which are representative of real users actions.
Normally you'd have some special test-system with known hardware (ideally similar to production) and a database which includes certain objects which the test suite expects to find. You could also load a production-size (or bigger) simulated data set into this system.
If you used (for example) Selenium to automate functional tests, the functional tests could be reused to build a performance-test suite. That's what we did before.
