When recoding a login sequence, the crawler needs to be configured to automatically identify if a web application’s logged in session (navigation of a password protected area) is still valid or not. This is an important step when recording a new login sequence. With the ‘in session’ OR ‘out of session’ values configured, the crawler is able to determine if a session has been invalided or timed out automatically. Once a session is timed out or invalided, the crawler will automatically know that it must replay the login sequence, without requiring any human intervention.
Therefore the user has to specify an ‘in session’ OR ‘out of session’ pattern. The pattern has to be unique, i.e. a pattern of text which helps the crawler differentiate a logged in session from a logged out or invalided session. The pattern can be specified in the ‘Pattern’ input field as a normal string of characters, or as a regular expression. From the Pattern Type drop down menu, the user also needs to specify where such pattern should be matched to, such as in result body, in headers or as a status code.
When a user is logged in, ‘Logout’ is always present in the result body, on contrary to when a user is logged out. Therefore in the pattern entry field, specify ‘Logout’ while in the ‘in session’ tab, and from the Pattern Type drop down menu select ‘In body’. Click on ‘Check Pattern’ to confirm that the crawler is able to differentiate a logged in session from a logged out session.
The below video provides more information about the Login Sequence Recorder and the in session and out of session detection.