
Login with CSRF Token

Support CSRF tokens, for example with the Laravel framework.

Overview

A test which posts to a login page when it starts, then requests /hello and /world normally. However, it also specifically handles getting a CSRF token for logging in with (in this example) Laravel.

By default, Laravel checks for a CSRF token whenever you submit data. CSRF protection is designed to stop cross-site request forgery against your site, and involves having a temporary token on each page that is submitted with every POST. You'll know you've hit this issue if you receive an HTTP 419 error.

The below example can also be used for many other frameworks, or altered to suit them.

Code

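from urllib.parse import unquote

from locust import HttpUser, task, between


class QuickstartUser(HttpUser):
    wait_time = between(3, 5)

    def on_start(self):
        # Load the login page so Laravel sets the XSRF-TOKEN cookie.
        response = self.client.get("/login")
        # The cookie value is URL-encoded; decode it before sending it as a header.
        csrftoken = unquote(response.cookies["XSRF-TOKEN"])

        # Log in, sending the token in the X-XSRF-TOKEN header.
        self.client.post("/login",
                         {"username": "my_user", "password": "my_password"},
                         headers={"X-XSRF-TOKEN": csrftoken})

    @task
    def index_page(self):
        self.client.get("/hello")
        self.client.get("/world")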
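
An added example (not part of the original locustfile or LoadForge's code) for the "altered to suit other frameworks" case: a standard-library helper that takes the token from a hidden form field (Laravel's `_token`, or Django's `csrfmiddlewaretoken` via `field_name`) and falls back to the URL-decoded `XSRF-TOKEN` cookie. The helper name `csrf_login_kwargs` and the sample HTML and cookie values are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import unquote

# Constructed sample inputs (not captured from a real site).
SAMPLE_LOGIN_HTML = """
<form method="POST" action="/login">
  <input type="hidden" name="_token" value="constructed-form-token">
  <input type="text" name="username"><input type="password" name="password">
</form>
"""
SAMPLE_COOKIES = {"XSRF-TOKEN": "eyJpdiI6ImNvbnN0cnVjdGVkIn0%3D"}  # note the encoded "="


class _HiddenFieldParser(HTMLParser):
    """Records the value of the first <input name=field_name> it sees."""

    def __init__(self, field_name):
        super().__init__()
        self.field_name = field_name
        self.token = None

    def handle_starttag(self, tag, attrs):
        attributes = dict(attrs)
        if (self.token is None and tag == "input"
                and attributes.get("name") == self.field_name):
            self.token = attributes.get("value")


def csrf_login_kwargs(html, cookies, credentials, field_name="_token"):
    """Build data/headers keyword arguments for the login POST.

    Prefers the hidden form field in the login page; otherwise uses the
    XSRF-TOKEN cookie, URL-decoded, as the X-XSRF-TOKEN header. Raises
    ValueError when neither is present, so a broken login fails in
    on_start instead of skewing every later request in the test.
    """
    parser = _HiddenFieldParser(field_name)
    parser.feed(html)
    if parser.token:
        return {"data": {**credentials, field_name: parser.token}, "headers": {}}
    raw_cookie = cookies.get("XSRF-TOKEN")
    if raw_cookie:
        return {"data": dict(credentials),
                "headers": {"X-XSRF-TOKEN": unquote(raw_cookie)}}
    raise ValueError("no CSRF token found in login page or cookies")
```

In `on_start`, pass the login page body and the session's cookie jar: `self.client.post("/login", **csrf_login_kwargs(response.text, self.client.cookies, {"username": "my_user", "password": "my_password"}))`.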


This guide is part of the LoadForge Directory, an index of locustfiles for use with LoadForge website and API load tests. We also provide a wizard to generate tests, and onboarding assistance for clients. Contact us should you have any questions.
