Login troubleshooting
Tips for troubleshooting session detection problems in Login Management view.
When you close the browser after recording the login procedure, the green key icon confirms that ADAC has detected an in-session pattern that can be used during scanning to verify its in-session status. If one of the other icons appears instead, ADAC may not have enough information to log in to the site during scanning.
Icon |
Message |
Possible user actions |
---|---|---|
Using action-based login Action-based login: Succeeded Request-based login: Succeeded |
No action necessary. Action-based login will be used, and request-based login will be available as a fallback method. |
|
Using action-based login Action-based login: Succeeded Request-based login: Failed |
No action necessary. Action-based login will be used. To troubleshoot the request-based sequence, see Request-based login troubleshooting |
|
Using request-based login Action-based login: Failed Request-based login: Succeeded |
No action necessary. Although action-based login is the preferred method, since request-based login succeeded, that version will be used. To troubleshoot the action-based
sequence, see Action-based login troubleshooting Note: If one of the login pages is very slow, it may be more practical
to use request-based login as many logins are typically required during
a scan. |
|
Login not yet recorded |
Either click and record a login or, if login is not required, in the Login/Logout tab > Login method, select None to disable session detection. |
|
Login not yet validated |
If changes have been made to one of the sequences, you must click the Validate button to validate the new login sequence. |
|
Session request same as login request |
Generally, the login sequence should end immediately when AppScan is logged in to the application. However, in rare cases, the in-session request also contains the login request (with username and password). In such cases, whenever AppScan replays the in-session request (to verify that it is logged in) it will actually log itself in, and therefore be unable to detect when it is logged out. The solution is to record the login sequence and when logged in, to click another link on the page. The login sequence will now have an extra step. As long as this new request does not include the credentials, AppScan will be able to use the sequence to verify when it is logged out, and the key icon will change to green. |
|
Session page redirects |
If the page selected as the first in-session
page redirects to another page, it is likely that the in-session pattern
selected by AppScan is incorrect.
|
|
Session page not identified |
In the Request tab, open the final page of
the login sequence, look for a pattern (either in the Browser tab
or the Request/Response tab) that is unique to logged-in users
(such as a "log out" link), and select that as the in-session pattern.
|
|
Session detection disabled |
No action necessary. Session detection can be enabled by selecting one of the thwo Login methods: Recorded or Automatic. |