Load Testing Authenticated Websites

I am not a software tester much these days besides the minimum I need to do to accept stories for my internal developer platform. However, a colleague reached out and had a usecase for load testing that we did a couple years ago again. Around that time I pulled out my tried and true CasperJS and used Python’s locust load testing. Boy am I happy that some things have changed since then. Instead of CasperJS I can default to puppeteer and for load testing I can use K6. The benefit of k6 is that is does not require being distributed across multiple machines to run load.

Programmatically logging into a website using oAuth is a pain and I haven’t figured out the magic way to do it simply yet. What does work is headless browsers like puppeteer or selenium. In this case I am not using selenium but I imagine there are many tutorials out there to do that.

This first example is simple way to login to a website and save the cookies to a file

import json
import asyncio
from pyppeteer import launch

async def main():
    url = 'https://somewebsite.com/Ineedtologin/blah/blah/blah'
    browser = await launch({'headless': True})
    page = await browser.newPage()

    await page.goto(url,waitUntil="networkidle2")
    await page.evaluate('() => document.querySelector("#loginbox").value = "myusername"')
    await page.evaluate('() => document.querySelector("#passwordbox").value = "mypassword"')
    await page.evaluate('() => document.querySelector("#submitbutton").click()')
    await page.goto("https://somewebsite.com/navigateto/something/else")
    cookies = await page.cookies()
    with open("cookies.json", 'w+') as f:
    await browser.close()


Then below I can setup a k6 basic test request and load in the cookies I saved

import http from "k6/http";
const cookies = JSON.parse(open("./cookies.json"));

export default function () {
  const jar = http.cookieJar();
  cookies.forEach((element) => {
    jar.set("https://somewebsite.com/", element.name, element.value, {
      domain: element.domain,
      path: element.path,
      http_only: element.httpOnly,
      secure: element.secure,


I can then run k6 load test via commandline ./k6 run –vus 10 –duration 30s k6test.js and see the test run and get a report in the commandline.

Now if you know javascript you can get more fancy by using the setup function of the load test to do something like what I did above in python. Another advanced feature could be detecting when the virtual user is logged out and refresh the token if needed. You can also get real fancy with k6 and its load test scenarios. I have not used k6 a lot but I like what I see in designing load tests and it is much easier for my forgetful coder brain to wrap my head around to do simple load testing work.

Check out more about running k6 tests here