What Exactly Are the “Session-in” and “Session-out” Patterns?
- Friday, June 29, 2012, 4:26
- Threat Research
Acunetix Web Vulnerability Scanner (WVS) uses “session-in” and “session-out” patterns to detect whether a logged-in session on your website has been invalidated and needs to be re-established. Acunetix WVS uses the login sequence recorded by the user to automate the login procedure required during a scan. Because Acunetix WVS accesses several different links while launching security tests, the logged-in session might be invalidated. To track whether the session is still valid, Acunetix WVS uses the “session-in” or “session-out” patterns.
A “session-in” pattern confirms that the authentication session created by the “Login Sequence Recorder” is still valid, while a “session-out” pattern confirms that the authentication session is no longer valid.
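The check described above, written out as an added example. This is not Acunetix code and not part of the original article: the `Response`, `SessionMonitor` and `run_checks` names, the regular expressions and the sample responses are constructed, and letting a session-out match override a session-in match is an assumption.

```python
import re
from dataclasses import dataclass

@dataclass
class Response:
    status: int
    headers: dict
    body: str

class SessionMonitor:
    """Decide from a response whether the authenticated session is still valid."""
    def __init__(self, session_in=None, session_out=None):
        if not (session_in or session_out):
            raise ValueError("define a session-in or a session-out pattern")
        flags = re.I | re.M
        self.session_in = re.compile(session_in, flags) if session_in else None
        self.session_out = re.compile(session_out, flags) if session_out else None

    @staticmethod
    def _text(resp):
        # Search status, headers and body: a dropped session often shows up
        # as a redirect header rather than as page content.
        head = "\n".join(f"{k}: {v}" for k, v in resp.headers.items())
        return f"HTTP {resp.status}\n{head}\n\n{resp.body}"

    def is_valid(self, resp):
        text = self._text(resp)
        if self.session_out and self.session_out.search(text):
            return False  # assumption: a session-out match always wins
        if self.session_in:
            return bool(self.session_in.search(text))
        return True  # only session-out is defined and it did not match

def run_checks(responses, monitor, relogin):
    """Replay the login whenever a response shows the session was lost."""
    lost = []
    for i, resp in enumerate(responses):
        if not monitor.is_valid(resp):
            lost.append(i)
            relogin()  # stands in for replaying the recorded login sequence
    return lost

# Constructed sample responses: logged in, redirected to login, login form.
SAMPLE = [
    Response(200, {"Content-Type": "text/html"}, '<a href="/logout.php">Logout</a>'),
    Response(302, {"Location": "/login.php"}, ""),
    Response(200, {"Content-Type": "text/html"}, '<form action="/login.php">'),
]
```

With only the session-out pattern `^Location: /login\.php`, the third sample response is still treated as in-session, while the session-in pattern `href="/logout\.php"` marks it as invalid.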
Defining a “Session-in” or a “Session-out” Pattern
In the fourth step of the “Login Sequence Recorder”, you can specify a “session-in” or “session-out” detection pattern by clicking the “Setup in-session detection (detection of invalidated sessions)” option. Acunetix WVS offers several ways to set up your session patterns using the “Setup in-session” mechanism.
When you click the “Detect” button, Acunetix WVS automatically detects the “session-in” or the “session-out” pattern. If for any reason, the automatic detection is not able to find a “session-in” or