HelpStartConceptsSessionManagement

psiinon edited this page Mar 29, 2017 · 3 revisions

Session Management

ZAP supports multiple types of session management (called Session Management Methods) that can be used for websites and web apps. Each Context has a Session Management Method defined, which dictates how sessions are kept.

So far, only cookie-based and HTTP authentication session management methods have been implemented, but the system supports easy addition of new methods, according to user needs.

Cookie-Based Session Management

With this method, the session is tracked through cookies. Currently, the session tokens that are used are imported from the HTTP Sessions Extension.

HTTP Authentication Session Management

With this method, the session is managed through the HTTP Authorization request header.

Configured via

     Session Contexts Dialog

See also

     YouTube tutorial on the Authentication, Session Management and Users Management features of ZAP [external link to https://youtu.be/cR4gw-cPZOA]
     UI Overview for an overview of the user interface
     Features provided by ZAP
     Session Contexts Dialog for an overview of the Session Properties