A “session-in” pattern confirms that the authentication session created by the “Login Sequence Recorder” is still valid, while a “session-out” pattern confirms that the authentication session is no longer valid.
Defining a “Session-in” or a “Session-out” Pattern
In the fourth step of the “Login Sequence Recorder”, you can specify a “session-in” or “session-out” detection pattern by clicking the “Setup in-session detection (detection of invalidated sessions)” option. Acunetix WVS offers several ways to set up session patterns using the “Setup in-session” mechanism.
When you click the “Detect” button, Acunetix WVS automatically detects the “session-in” or the “session-out” pattern. If, for any reason, automatic detection cannot find a “session-in” or “session-out” pattern, you can specify the exact pattern manually.
The above example shows how to define a text pattern or a link in order to confirm whether the session is still valid. The text pattern can be plain text or a regular expression.
You can highlight the text pattern or link via your web interface or directly from your website’s source code (body) by choosing the “Show in browser” or the “Show raw data” option. Then click “Define pattern from selection” to select the desired text pattern or link. A regular expression is then generated automatically.
The user can specify the location of the session pattern from the "Pattern type" drop-down menu. The different options provided are "In headers", "Not in headers", "In body", "Not in body", "Status code is" and "Status code is not".
Once you have selected the desired pattern, click the "Check Pattern" button to confirm that Acunetix WVS can recognize the difference between a logged-in session and a logged-out session.
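The following Python is an added illustration, not Acunetix code: it evaluates each of the six pattern types against one logged-in and one logged-out response and reports whether a candidate pattern works as a “session-in” pattern, a “session-out” pattern, or fails to tell the two apart. The evaluation logic, the Response type, the function names and both sample responses are assumptions constructed for this example.

```python
import re
from dataclasses import dataclass

@dataclass
class Response:          # hypothetical container for one HTTP response
    status: int
    headers: str         # raw header block
    body: str

# Constructed sample responses for the same URL, with and without a valid session.
LOGGED_IN = Response(200, "Content-Type: text/html",
                     '<p>Welcome to our site</p><a href="/logout.php">Logout</a>')
LOGGED_OUT = Response(302, "Location: /login.php\r\nContent-Type: text/html",
                      '<p>Welcome to our site</p><form action="/login.php">')

def matches(pattern_type, pattern, resp):
    """True if resp satisfies the pattern under the given "Pattern type"."""
    if pattern_type.startswith("Status code"):
        hit = resp.status == int(pattern)
        return hit if pattern_type == "Status code is" else not hit
    target = resp.headers if "headers" in pattern_type else resp.body
    hit = re.search(pattern, target) is not None
    # "Not in headers" / "Not in body" invert the result of the search.
    return not hit if pattern_type.startswith("Not") else hit

def classify(pattern_type, pattern, logged_in=LOGGED_IN, logged_out=LOGGED_OUT):
    """Return "session-in", "session-out", or None if the pattern cannot
    distinguish the logged-in response from the logged-out one."""
    in_hit = matches(pattern_type, pattern, logged_in)
    out_hit = matches(pattern_type, pattern, logged_out)
    if in_hit == out_hit:
        return None      # same answer for both states: unusable pattern
    return "session-in" if in_hit else "session-out"

if __name__ == "__main__":
    candidates = [
        ("In body", r'href="/logout\.php"'),
        ("Not in body", r'href="/logout\.php"'),
        ("In headers", r"Location: /login\.php"),
        ("Status code is", "302"),
        ("In body", r"Welcome"),   # present in both responses
    ]
    for ptype, pat in candidates:
        print(f"{ptype:15} {pat:28} -> {classify(ptype, pat)}")
```

The last candidate shows the failure case: text that appears on both the authenticated page and the login page gives the same result in either state, so it cannot signal an invalidated session.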