Overview

Testing authenticated flows requires obtaining CSRF tokens, logging in with credentials, maintaining session cookies, and accessing protected endpoints. Locust’s HttpUser manages cookies automatically, enabling realistic user simulations.

Locust Test Script (locust.py)

# locust.py
from bs4 import BeautifulSoup
from locust import HttpUser, between, task

class AuthFlowUser(HttpUser):
    wait_time = between(1, 3)
    host = "https://example.com"

    def on_start(self):
        # Load login page to fetch CSRF token
        response = self.client.get("/login", name="Get Login Page")
        soup = BeautifulSoup(response.text, "html.parser")
        token = soup.find("input", {"name": "csrf_token"})["value"]
        # Perform login with CSRF and credentials
        self.client.post(
            "/login",
            name="Perform Login",
            data={"username": "user", "password": "pass", "csrf_token": token}
        )

    @task(3)
    def load_dashboard(self):
        self.client.get("/dashboard", name="Dashboard")

    @task(1)
    def load_profile(self):
        self.client.get("/profile", name="Profile")

Notes:
  • Install dependencies: pip install locust beautifulsoup4.
  • Ensure form field names (csrf_token, username, password) match your application.
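If the form field names do not match or the login is rejected, the script above either crashes in on_start or quietly load-tests the login redirect instead of the protected pages. The helpers below are an added example, not part of the original script, that make both cases explicit. They use the standard-library HTML parser rather than BeautifulSoup; the function names, the failure signals in login_failed (error status, final URL still on /login, a re-rendered password field) and the sample pages are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit


class InputCollector(HTMLParser):
    """Collects name -> (type, value) for every <input> element."""

    def __init__(self):
        super().__init__()
        self.inputs = {}

    def handle_starttag(self, tag, attrs):
        if tag == "input":
            a = dict(attrs)
            if a.get("name"):
                kind = (a.get("type") or "text").lower()
                self.inputs[a["name"]] = (kind, a.get("value") or "")


def collect_inputs(html):
    parser = InputCollector()
    parser.feed(html)
    return parser.inputs


def extract_csrf_token(html, field="csrf_token"):
    """Return the token, or raise naming the fields the page really has."""
    inputs = collect_inputs(html)
    value = inputs.get(field, ("", ""))[1]
    if not value:
        raise ValueError(f"no non-empty {field!r} input; page has {sorted(inputs)}")
    return value


def login_failed(status_code, final_url, body, login_path="/login"):
    """Assumed signals of a rejected login (adjust to your application)."""
    if status_code >= 400:
        return True
    if urlsplit(final_url).path.rstrip("/") == login_path:
        return True  # redirected back to the login page
    return any(kind == "password" for kind, _ in collect_inputs(body).values())


# Constructed sample pages (not from a real application).
LOGIN_PAGE = """<form method="post" action="/login">
  <input type="hidden" name="csrf_token" value="tok-123">
  <input name="username"><input type="password" name="password">
</form>"""
DASHBOARD_PAGE = "<h1>Welcome</h1><a href='/profile'>Profile</a>"
```

In on_start, pass response.text from the GET to extract_csrf_token, and send the POST with catch_response=True so that response.failure(...) can mark a rejected login using login_failed(response.status_code, response.url, response.text).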