K6 Parameterisation in setup stage

Hi guys,

We are currently trying to run multiple users with different sessions in a performance test.
We used the documentation: Data Parameterization from your website.
That part works, we see it picks random user, with password and does the login flow for our application.

However, the login flow generates a cookie that we want to use in an upcoming request after the login flow.

  • Login flow (2 requests)
  • Actual test endpoint from svc (1 request)

It works just fine if we have the 3 requests in the “export default function”, however we want to have the login flow as part of the “export function setup”, as explained here. Test lifecycle

If we do that, it will use the random user picker but it will just create one cookie and use only one user for all VUS.

Could you explain how we can solve that problem for every VU and have the login flow not part of the actual test?
And, what is best practice is in this use case in your opinion?

export default function () {
    let res;
    const randomUser = csvData[Math.floor(Math.random() * csvData.length)];

    res = http.get(__ENV.URL + '/login', { responseType: 'text' });

    const elem = res.html().find('input[name=csrf]');
    const val = elem.attr('value');
    sleep(randomIntBetween(2, 3));

    const params = {
        "csrf" : val,
        "username": randomUser.username,
        "password": __ENV.PASSWORD,
    console.log('Random user: ', JSON.stringify(params));

    res = http.post(__ENV.URL + '/doLogin/', params, {redirects: 0,})
    cookie = res.cookies
    sleep(randomIntBetween(2, 3));
    console.log('Cookie: ', JSON.stringify(cookie));

    check(res, {
        'login succeeded': (r) => r.headers['Location'] === '/dashboard/'

    res = http.get(__ENV.URL + '/by-session', cookie)

        {'is status 200': (r) => r.status === 200},
        {'is not empty' : (r) => r.json().access_token

Hi @rodyb,

To answer you question directly: You can just login all the users and return an array of the tokens which will then be provided to the default functions, which can pick up one from it. I have longer explanation with more info here.

I would (as I mentioned there) kind of recommend to not do it in setup but instead login in the first iteration of each VU and use that. This both parallelize the login to the VUs - which is a problem when you have to login thousands of users in the setup and that takes forever. And also IMO more closely will resemble the real world where users need to login in order to do something.

Hope this helps you :bowing_man:

HI @mstoykov,

Thanks for your reply and explanation!

I read the post you mentioned, but it’s still a bit unclear for me how that would work with the example that I shared. In that example, I need to retrieve the CSRF to use for the 2nd request and the cookie from that 2nd request for the “actual test”

Could you perhaps share an example how that would look like with the approach from that post to give me an idea?

Thanks for taking the time and the help.


I don’t really intend on writing you this code, sorry :wink:

All you need to do is repeat this for all users and put it in an array that is returned from setup.

As this likely will be about a lot of users you will likely need to do one big http.batch to get the crsf then create a new one and execute it to get the cookies and then return those in the array from setup.

Then you just use the cookies in the VU code as they will be provided as the first argument to the default function.

Hope this clears things up