Recording a login
Before you begin
Before you can record a login sequence the Starting URL must be defined (either in Configuration > URL and Server view or in the wizard).
About this task
Recorded Login lets you teach AppScan® the procedure for logging in to your site: which links to click, which text to input in forms, and the order in which to do them. As soon as you have recorded this, AppScan will attempt to identify an in-session pattern that it can use in future to verify that it is logged in. Once this is done, AppScan can use the login sequence to log itself back in during the scan, whenever it detects that it has been logged out.
AppScan must know at all times whether it is logged into or out of the site, so it can evaluate the site's responses correctly. During the scan, AppScan sends the In-Session Detection Request repeatedly, and checks that the response contains the In-Session Detection Pattern, to verify that it is still logged in. If AppScan does not find the pattern in the page's response, AppScan assumes it has been logged out, and attempts to log in again by replaying the login sequence. It follows that the login sequence is typically played many times during a scan. It is therefore best that it contains as few steps as possible. It is also helpful if the In-Session page is a small page, and does not contain tracked parameters or cookies, since these can also increase scan time significantly.