Troubleshooting JMeter Login Issues in a Laravel Application

Question

I'm struggling to make my login successfull for almost a week now. I keep getting a 419 error, and I think it's related to the XSRF token, I set the user.properties to

CookieManager.save.cookies=true 

Now I add Regular Expression Extractor xsrf under Login Get

Field to check - Response Headers
Name of created variable : xsrf_token
Regular Expression: XSRF-TOKEN=([^;]+)
Template.. : $1$
Match No. 1
Default Value : Not Found

Now in my Testplan I have HTTP Cookie Manager

I check the Use Thread Group and uncheck the clear cookies each iteration

in my Login Get I have HTTP Header manager

Name =  X-XSRF-TOKEN  value =  ${xsrf_token}

I have this in my Login Post Headers

can anybody help me with my problem Im out of option thanks in advance

Updated question

is this the correct format to my xsrf? this is what I found in set cookie:

XSRF-TOKEN=eyJpdiI6ImVteVcyTnhUdHY2ZjdsWmZZYjBiQ3c9PSIsInZhbHVlIjoiZUM5dXpEMEY4YVc2S2RXZlh6anl2MGZoNGMrMkZ5RkVITExlSXcSasVEeDV3dE40VVVxOUdtOFN0Y2M3bW04ZEI5dytISFVNT0VwenhHVm9lUUJQelg0R01VbUlCRGdGMGZBckRFSzNwcDF5RktVVkZuRUpqWEdHa2tEVk0iLCJtYWMiOiJlZWM4ZjcxMTc3NWRlOWE2YmQ1MWE0N2Y2OTgzNzU4YWJhMmNmMWU5MDQ2MTZiMjI5OTEzMTA2NGE4OAFkZjJiIiwidGFnIjoiIn0%3D; expires=Wed, 12 Feb 2025 18:32:45 GMT; Max-Age=7200; path=/; samesite=lax

Answer 1

I think you need to change ([^;]+) in your Regular Expression to something more "greedy", like (.*), otherwise you will get all the headers into the variable.

You can check it yourself using Debug Sampler

See What is CSRF & How to Load Test CSRF-Protected Websites article for more information on the concept and how you can bypass it in your JMeter tests.