If the In-Session Detection Pattern shown in the Details
tab does not correctly identify in-session status, you can
select a different pattern using the Requests sequence.
Procedure
- In Login Management > Details > Requests, select the URL marked In-Session (highlighted in green), then click
the Select button at the bottom of the dialog
box, to choose a different pattern.
The browser
opens and you can select a new pattern either in the browser or the
response body tab. Then close the browser and click Validate.
- If you cannot identify an in-session pattern on the final
page, do the following:
- Select the request above the request you just looked at
- Double-click on it and check that it does not contain the login
credentials
- If it does not, click Select, and try identify
a different pattern
- If you do not find an in-session pattern, repeat the previous
step for the next request up. You can repeat this as necessary, until
you reach a request that contains the login credentials.
- If you are unable to identify an in-session pattern in
any of these pages, and there are one or more URLs listed after the In-Session page, use the same procedure to look for an in-session
pattern on that page.
- If there are no extra URLs, try recording the login
sequence again, but click one extra link after you are logged in,
preferably a personalized setting, and look for an in-session pattern
on that page.
- If this fails, try selecting an out-of-session pattern:
- Select the URL that was originally marked as the In-Session request
- Open a browser (outside AppScan) and send this request on its
own (not preceded by the rest of the login sequence)
- Compare the two responses, and try to identify an expression in
the body of the response from Step B that does not exist in the in-session
page (such as "You are not logged in")
Note: If the request redirects
a different page, you cannot use the response you see in the browser,
but need to use the response to the actual request, which can be done
using a sniffer
- At the bottom of the Details tab click the In-Session drop-down
button and select Out-of-session, and then
paste the pattern you identified into the Detection Pattern field