Preface: There was a previous blog that recorded the building process of the interface automation framework. The Pytest+Excel+Mysql+MongDB+Allure interface automation test framework was built from 0 to 1. In actual projects, calling other business interfaces generally requires cookies and requests Head, and what are Tooken and Session, these concepts, this blog mainly learns the basic concepts, how Cookie and Session are generated, and how to apply them in actual interface automation projects
The blog address of the previous interface automation testing framework:
basic concept
Draw a sketch according to my own understanding
The user needs to enter the user name and password when visiting for the first time, the server will store the cookie, and the value in the cookie will have sessenID, which is the session ID, and will also generate a Token token
During the second visit, the server will return the Cookie, and the browser will save the Token token, and use the Token token to access, so there is no need to enter the user name and password again
Cookie Session Tooken
A very clear article, recommended!
This article explains the difference between Token, Cookie and Session - Zhihu (zhihu.com)
How to generate Cookie and Session
Use java code to demonstrate how Cookie and Session are generated
package com.example.interfaceautotest.controller;
import com.example.interfaceautotest.mapper.CaseMapper;
import com.example.interfaceautotest.model.MysqlUserData;
import com.example.interfaceautotest.model.Result;
import com.example.interfaceautotest.service.UserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.*;
import javax.annotation.Resource;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
@RestController
@RequestMapping("/test")
public class Login {
@Resource
UserService UserService;
@PostMapping("/login")
public Result login(String username, String password, HttpServletRequest request, HttpServletResponse response) {
HttpSession session = request.getSession();
String sessionId = session.getId();
System.out.println("sessionId是" + sessionId);
session.setMaxInactiveInterval(10);
Cookie[] cookies = request.getCookies();
if (cookies != null) {
for (Cookie cookie : cookies) {
System.out.println(cookie.getName() + ":" + cookie.getValue());
}
}
Object loginName = session.getAttribute("loginName");
if (loginName != null) {
if (loginName.toString().equals(username)) {
return new Result(-100, "不能再次登录", "已经登录过了");
} else {
return new Result(-101, "不能再次登录", "其他用户已经登录了");
}
}
Result login = UserService.login(username, password);
if (login.getCode() == 200) {
session.setAttribute("LoginName", username);
Cookie jsessionidCookie = new Cookie("JSESSIONID", sessionId);
jsessionidCookie.setMaxAge(120);
jsessionidCookie.setPath("/");
response.addCookie(jsessionidCookie);
}
return login;
}
@GetMapping("/logout")
public Result logout(HttpServletRequest request) {
HttpSession session = request.getSession();
String sessionId = session.getId();
System.out.println("登出接口的sessionId是" + sessionId);
session.invalidate();
return new Result(200, "登出成功", "注销!");
}
}Result display
When calling the interface with request, you can see the sessionID returned in the returned cookie
When calling the interface with postman, you can also see the value in the cookie
After calling the logout interface again, the value of JSESSION changes
To be continued...
This part will be improved in the future, including how to bypass the verification code in automated testing