Session detection
Advanced In-Session Request Selection dialog box, that opens from Configuration > Login management > Advanced options > Session dectection > Advanced request selection.
- See the sequence of requests you sent when logging in
- See the In-Session Detection RequestNote: The page marked "In-Session" should be the first page to be highlighted. If an earlier, "Login", page is highlighted then either the in-session pattern is wrong, or the wrong page is marked as "In-Session".
- View any URL in the sequence in a browser.
- Set a different request as the In-Session Request, and select a new In-Session Detection Pattern from this new request.
- Delete unnecessary requests before the "In-session" URL, to save AppScan repeating these unnecessary requests many times during a scan
- See requests sent after the In-Session Detection Request, that contain the In-Session Detection Pattern and are marked "Ignore"
- Search the requests in the sequence
- Show only requests from specific domains
- Open the Select Detection Pattern dialog box to select a pattern not suggested by AppScan
Setting |
Details |
|
---|---|---|
Main list |
Shows all requests the recorded login procedure. |
|
Find |
Show only requests that contain the text string you enter, in URL, Request, Response or All. |
|
Show Domains |
Show only requests from domains selected in the drop-down list. Click for AppScan to perform the following actions: |
|
Set as In-Session Request button |
Sets the selected request as the In-Session Request, that will be used by AppScan during the scan to verify that it is still logged in. You can also do this by right-clicking on a request in the list. |
|
Advanced pattern selection button |
Opens the Select Detection Pattern dialog box, showing the content of in-session and out-of-session responses to requests in the Login sequence you recorded (based on the selected detection pattern). It lets you see the selected detection pattern in the context of the response, and define a detection pattern that is not listed in the combo box. The dialog lets you toggle through all recorded responses. In the upper part of the box you can also see the in-session and out-of-session requests that AppScan sent. You can also do this by right-clicking on a request in the list. |
|
Show the response received to the selected request when the login was recorded. The window that opens has two tabs: The Browser tab shows the response received, and the Request/Response tab shows the raw data for both the request and the response. |
||
Delete the selected request from the login sequence. | ||
Detection Pattern |
This field shows a pattern found in the selected In-Session Detection Request, which indicates that the user is in-session (or out-of-session if that option is selected). The drop-down list lets you select a detection pattern from candidates that AppScan has
identified in the Login recording, and the green or red shading indicates whether the pattern is
valid or invalid.
Note: It is usually preferable to use an in-session pattern. However, in
rare cases where the in-session pattern is not always returned following an in-session request, or
where it is complicated to define, you can use an out-of-session pattern instead.. If
AppScan was unable to identify any valid pattern, or if you need to select a different one, use the
Advanced pattern selection button to select your own. |