Each of my application's POST request needs to extract a CSRF token from its page. These POST requests are made either via normal Forms or via Multipart/Form-Data type forms. Now, when I define this variable extractor as a POST parameter in a Multipart/Form-Data type form, it successfully extracts the CSRF token through a regular expression. But when I define a variable extractor to extract the a similar CSRF token as a POST parameter in a normal form, Neoload doesn't seem to be able to extract the CSRF token, at least not in the variable extractor box (it's still able to extract when I validate the user path). You can see in attachment 'form.png' (my second attachment), the variable extractor box says <NOT FOUND>, while in 'multiform.png' (my first attachment), it shows the extracted CSRF token.
Again, the weird thing is that Neoload is able to extract the CSRF token when it validates the user path, irrespective of whether it is in a multipart form or a normal form. But why doesn't the extracted content show up when I define the variable extractor in a form, as opposed to a multipart form? Does Neoload handle variable extractors defined in multipart forms differently than the ones defined in normal forms?
I am concerned with this since when I run a load test scenario, Neoload gives a 403 error on all CSRF variable extractors defined on normal forms. We had the same error code when we were running each user path individually, but adding the CSRF token extractor resolved it. Now when I run a whole scenario of multiple user paths, I can see the 403 error at every user path which uses a variable extractor as a POST parameter in a normal form. I am suspecting this has something to do with the extracted content not showing up in the variable extractor box.
Any help or pointers would be appreciated. Thanks!