After recording a forms login sequence, it might still be noticed that Acunetix WVS did not crawl the areas of the web application which are protected from the login page. This issue might be caused by a misconfiguration of the login sequence recorder, or the restricted links might not have been selected.
When recording a login sequence, one must make sure that a ‘Restricted Link’ is specified, which is usually the logout link. If such link is not specified, the crawler will crawl the logout link and will be logged out of the session, therefore it won’t crawl the pages protected from the login page. It is of common occurrence where a web application has a number of different logout links. In this case, all the different logout links should be specified in the login sequence.
One also should make sure to specify a ‘in-session’ detection value, so when the session is logged out or invalidated, the crawler will be able to automatically re-login. One can edit already saved Login Sequences from the Configuration > Settings > Scanner Settings > Scanner > Login Sequences node.
If problem persists, contact Acunetix support department by sending an email to firstname.lastname@example.org.
Watch the below video for more information on how to use the Login Sequence Recorder and it’s features.