After running into trouble trying to use ApacheBench over SSL, I went ahead and gave Siege a try. Initially, I was very impressed as it handles SSL well and has some cool features that ab doesn't.
I didn't have any trouble getting it to work as an authenticated user using the -H flag to set the "Cookie" header, but I recently discovered that you can also provide a "login url" in your siegerc. This sounded great since that allows me to take one more bit of logic out of my wrapper script, but I couldn't get it to work.
After playing with the source a bit, I found a couple things.
First, in main.c, I found a hidden flag:
my.debug = TRUE;
break;
Using the -D flag will print out all request and response headers. Very helpful!
This illuminated that fact that although every response had a Set Cookie, no Cookie header was being sent back in the requests. I was able to track that down to this bit in cookie.c:
if(cur->expires <= now){
delete_cookie(cur->threadID, cur->name);
continue;
}
if(strlen(oreo) > 0)
strncat(oreo, ";", sizeof(oreo) - 10 - strlen(oreo));
strncat(oreo, cur->name, sizeof(oreo) - 10 - strlen(oreo));
strncat(oreo, "=", sizeof(oreo) - 10 - strlen(oreo));
strncat(oreo, cur->value, sizeof(oreo) - 10 - strlen(oreo));
}
I was testing the script on this site, using this URL:
http://colonqbang.com/admin/build/modules/
In the bit above, the first thing that's tested is whether dlen (the length of the cookie domain) is less tha hlen (the length of the Host header). In this case, its not. The Host header is "colonqbang.com" and the cookie domain is ".colonqbang.com". Although this is pretty odd behavior and I'm not too sure what that's supposed to be checking for, its easy enough to just throw the www in so that the domain will be longer than the host.
Sure enough, after changing my url to "http://www.colonqbang.com/admin/build/modules/" it worked as expected and retained the same cookie throughout the siege run.