← Load Test Directory

Load Testing Authenticated Login Flows

Guide on handling CSRF tokens, sessions, and protected pages with LoadForge using Locust.

You are now browsing the LoadForge locust test directory. You can use these tests as a starting point for your own tests, or use our AI wizard to generate one automatically.

World

Overview

Testing authenticated flows requires obtaining CSRF tokens, logging in with credentials, maintaining session cookies, and accessing protected endpoints. Locust’s HttpUser manages cookies automatically, enabling realistic user simulations.

Locust Test Script (locust.py)

# locust.py
from bs4 import BeautifulSoup
from locust import HttpUser, between, task

class AuthFlowUser(HttpUser):
    wait_time = between(1, 3)
    host = "https://example.com"

    def on_start(self):
        # Load login page to fetch CSRF token
        response = self.client.get("/login", name="Get Login Page")
        soup = BeautifulSoup(response.text, "html.parser")
        token = soup.find("input", {"name": "csrf_token"})["value"]
        # Perform login with CSRF and credentials
        self.client.post(
            "/login",
            name="Perform Login",
            data={"username": "user", "password": "pass", "csrf_token": token}
        )

    @task(3)
    def load_dashboard(self):
        self.client.get("/dashboard", name="Dashboard")

    @task(1)
    def load_profile(self):
        self.client.get("/profile", name="Profile")

Notes:

  • Install dependencies: pip install locust beautifulsoup4.
  • Ensure form field names (csrf_token, username, password) match your application.

Ready to run your test?
Run your test today with LoadForge.

Run free test