Correlation principle Description

issues associated with

The communication between the client and the server, in part, is that the data is dynamic and each communication is different. The Proxy Recorder is not able to distinguish between static and dynamic information when recording, and all information is recorded in a hard-coded manner. However, if some information does not change during playback, the script cannot be executed successfully. Consider the following scenario:

As shown, user JoJo Log in to a Web server with Jojo/bean's account/password, query for information about a product, and record all communication packets for the transaction by Vugen. The Web server returns a dynamic session ID to JoJo: [email protected] as the session ID for this login. Since Vugen is unable to know what information is dynamic, it will record all the data in the form of a single full collection. Then JoJo according to the Web server told his SessionID to query the product list, the transaction can be carried out normally.

We will observe that when Vugen generates an HTTP script from a captured communication packet, SessionID is hard-coded, which is "write dead" inside the program. What happens when we replay the script without modification? As shown in the following:

According to the script at the time of recording, JoJo Log in with Jojo/bean, the WEB server returns to JoJo a dynamic session ID: [email protected], this value is not recorded when the [email protected], but the new value: [ Email protected]. Then the script will still use [email protected] to execute the following transaction based on the value of the recorded SessionID. Because the session ID is timeliness, after the user exits the system, its SessionID will be invalidated, then the server will give a "SessionID failure" error, resulting in the script will not be able to perform properly.

The general workaround for the above problem is as follows:

In the first time from the server to get SessionID, put it in a variable <session_id> inside, in the script to access the server's statement, all the "[email protected]" replaced with a variable <session_id > will be able to solve this problem satisfactorily.

This kind of problem is very common in any system of external problems. The common pattern is: "The server returns some dynamic value to the client, and when the client uses these values to access the server, the values cannot be written to the script but should be stored in a variable." "This is the concept of association.

The associated work tends to occupy most of the development script, because we have to perform detailed analysis of each specific system to determine the dynamic information it needs to correlate.

Correlation principle Description