Introduction to correlation in Jmeter


Correlation in Jmeter is a process of extracting some value from the response and pass the value in the subsequent request. Correlation is used to capture data from the response and again use the captured data in the next request. It is a very important concept in Jmeter as it enables us to correlate the response and subsequent requests.





Why do we need correlation?


Understand this with an example. Suppose you need to login to an application and then perform some activities. Once you login, you will notice that a session id, cookie id, or a token id gets generated and assigned to the logged in user. These unique IDs will be a part of every activity the user will perform (in the form of request parameters for the subsequent requests). Moreover, these unique IDs are dynamic ones i.e. every time the same user logs in, then a different value for token, session id etc. gets generated. Therefore we cannot use the same value again and again while executing our Jmeter test plan. In such cases, Correlation comes into picture.

There are 3 basic steps we need to perform in correlation:

1. Capture the dynamic value from the response.
2. Store the dynamic value in a variable
3. Pass the value in subsequent requests as a request parameter.






Regular expressions in Jmeter


Regular expression is a sequence of characters that define a search pattern. It is a combination of simple and special characters. We've used .+? to find dynamic value of _csrf. Here .+? is one of the regular expression in which every character has a meaning.

. represents -"Match any character"
+ represents- "One or more time"
? represents- "Stop when first match succeeds "



Regular Expression Extractor


Regular Expression Extractor is one of the post processor in Jmeter. As the name suggests, a post processor processes the response after the response has been received. To demonstrate the entire process, I've recorded below activities on a sample site using blazemeter plugin:

1. Launch the sample app
2. Login to the app
3. Perform some traversing of the products
4. Logout of the application.

Then I open the generated JMX file in Jmeter:

dynamic request parameter



Notice that our login request is consuming an additional request parameter called "_csrf" under the request parameter section. This "_csrf" is getting generated in the previous response and its value is dynamic i.e. every time a user login, the value of "_csrf" will be different.


Now if I run this test plan, it will fail the login step because it will try to send the same value in "_csrf" as captured during the recording session. We need to send the dynamic value in _csrf request parameter every time a user login.

login failed due to invalid csrf

To handle this, first of all, we'll identify all the parameters which are dynamically generating in the response (in our case, it is "_csrf" only) and also we need to identify the place where these dynamic values are generating i.e. the place could be "Response body", "Response header", "URL" etc. In our case it is "Response body".

identify the place where dynamic value is generating

Now that we've identified the dynamic parameter and the place where it is generating, the next step is to add a post processor i.e. a "Regular Expression Extractor" under the http request which is generating the dynamic parameters. This post processor will capture and process the response from the HTTPRequest under which it is being added.

The below image depicts a Regular expression extractor post processor, under this, I've given a variable name as "var". Also in the "Regular Expression" field, enter the html snippet- (name="_csrf" value="9c6307ee-4e3c-4") copied from the response body. Here replace the dynamic value -"9c6307ee-4e3c-4" with regular expression - "(.+?)" Now in "Match No." field, enter 1, as there is only the first match in which we need to apply the regular expression. There may be cases where there will be multiple matches in the response, so we need to specify the exact match for which we want to apply the regular expression.

regular expression extractor

Once the post processor is made, replace the value of csrf request parameter of the subsequent request with the variable 'var'.

replace the csrf value with the variable

Now run the test and observe, all the steps pass unlike the previous run in which the login was failed. In the latest run, the login has been successfully happened as we are now passing dynamic value in the _csrf parameter.

all requests including login request passed



Assertions in Jmeter


We've seen that this time we haven't got any error while login. But to ensure that we have successfully logged in to the application, we'll put a response assertion in the login request. This response assertion will check the html response and check whether the welcome message is displayed to the user or not. If it finds the user name and welcome text in the HTML response then our assertion is passed and we can conclude that our Jmeter test has successfully logged into the application. If the Response assertion gets failed, then we have to conclude that our Jmeter test has not yet managed to login to the app and further enhancements are required in the samplers to make it happen.

In the sample application, when a user login, the home page will display a welcome message on the UI as seen below.

welcome message after login

In the below image, you can see, a response assertion just below the login request. When I run my Jmeter test, this assertion will validate the text "jai" in the response body. If it finds the text "jai" in the response body then our assertion will pass and we can confirm that the login has been successful, but if it throws assertion error then it means the login has failed and enchancement needed in the Jmeter test plan.

Response assertion