cant find Xsrf-Token on requests

Question

Im doing a login in jmeter

Previously i sent a request login [options] where i get the cookie and save in a header variable,,second request is the login[POST] request which has credentials as payload and i set the cookie from previous req and send as a header(CookieManager.save.cookies property is set to true),and it worked ok

But currently getting 403 errors on login on Jmeter,,on investigation on UI im seeing the request login [options] no longer has any token as a response,,,,but login[POST] somehow has the token already set on request and thus can login successfully

I have tried looking where the xrsf token is generated but cant seem to find it as a response to any of the requests,,,yet login,registration etc have it on their headers on UI

enter image description here

Answer 1

keep cookie manager as global level, so that you dont need to pass via header manager to the every request level

Answer 2

If you want us to help you in locating the token you need to provide a .HAR file containing all the requests from your "login" transaction, it can be generated using browser developer tools.

CSRF token doesn't necessarily come in a cookie, it can be in another header, in the response body, even in the redirection URL so pay attention to literally everything, I think it's in the response.

Check out:

• Cross-Site Request Forgery Prevention Cheat Sheet
• What is CSRF & How to Load Test CSRF-Protected Websites