> ## Documentation Index
> Fetch the complete documentation index at: https://docs.loadforge.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Load Testing Authenticated Login Flows

> Guide on handling CSRF tokens, sessions, and protected pages with LoadForge using Locust.

## Overview

Testing authenticated flows requires obtaining CSRF tokens, logging in with credentials, maintaining session cookies, and accessing protected endpoints. Locust’s `HttpUser` manages cookies automatically, enabling realistic user simulations.

## Locust Test Script (locust.py)

```python theme={null}
# locust.py
from bs4 import BeautifulSoup
from locust import HttpUser, between, task

class AuthFlowUser(HttpUser):
    wait_time = between(1, 3)
    host = "https://example.com"

    def on_start(self):
        # Load login page to fetch CSRF token
        response = self.client.get("/login", name="Get Login Page")
        soup = BeautifulSoup(response.text, "html.parser")
        token = soup.find("input", {"name": "csrf_token"})["value"]
        # Perform login with CSRF and credentials
        self.client.post(
            "/login",
            name="Perform Login",
            data={"username": "user", "password": "pass", "csrf_token": token}
        )

    @task(3)
    def load_dashboard(self):
        self.client.get("/dashboard", name="Dashboard")

    @task(1)
    def load_profile(self):
        self.client.get("/profile", name="Profile")
```

***

**Notes:**

* Install dependencies: `pip install locust beautifulsoup4`.
* Ensure form field names (`csrf_token`, `username`, `password`) match your application.
