CSRF Tokens

Many sites use CSRF tokens to prevent cross-site request forgery. In this case you need to extract those tokens and send them along with subsequent requests.

For further information on content extraction, take a look at our reference.

Extract CSRF Token

In your test case definition, you can use StormForger's ability to extract the token from a response body like:

  "authorization": {
    "csrfToken": "noXuMgKei5pPP4wdv5Kq"
  }

with the following option:

session.get("/users/register", {
  tag: "fetch_token",
  extraction: {
    jsonpath: {
      "csrfToken": "authorization.csrfToken"
    }
  }
});

You can then use the csrfToken as a dynamic data source within the same session:

session.post("/users/register", {
  tag: "registration",
  payload: {
    token: session.getVar("csrfToken"),
    username: "Foo",
    password: "bar"
  }
});
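
The flow above seen from both sides, as an added example that is not StormForger's code or part of the original page: a constructed in-memory server issues the token in the `authorization.csrfToken` field and checks it on the registration POST. The function names, the session store and the single-use policy are assumptions for illustration.

```javascript
// Added example: a constructed server/client pair, not StormForger code.
const crypto = require("node:crypto");

// sessionId -> expected CSRF token (hypothetical in-memory store)
const sessions = new Map();

// Server side of GET /users/register: issue a fresh token bound to the session.
function issueToken(sessionId) {
  const csrfToken = crypto.randomBytes(20).toString("hex");
  sessions.set(sessionId, csrfToken);
  return JSON.stringify({ authorization: { csrfToken } });
}

// Client side: resolve a dotted path such as "authorization.csrfToken" in a
// JSON body. Returns undefined when a segment is missing instead of throwing.
function extract(body, path) {
  return path.split(".").reduce(
    (node, key) => (node !== null && typeof node === "object" ? node[key] : undefined),
    JSON.parse(body)
  );
}

// Server side of POST /users/register: accept only the session's own token.
function verify(sessionId, payload) {
  const expected = sessions.get(sessionId);
  if (typeof expected !== "string" || typeof payload.token !== "string") return false;
  const a = Buffer.from(expected);
  const b = Buffer.from(payload.token);
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  if (a.length !== b.length || !crypto.timingSafeEqual(a, b)) return false;
  sessions.delete(sessionId); // assumed single-use policy: a replay is rejected
  return true;
}

// One client session: fetch the token, then register with it.
function registerFlow(sessionId) {
  const token = extract(issueToken(sessionId), "authorization.csrfToken");
  return verify(sessionId, { token, username: "Foo", password: "bar" });
}
```

Under a single-use or per-session policy like the one assumed here, every simulated session has to run the token-fetching request itself; a token hard-coded into the test case is rejected.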