Auth: Session Not Identified

! Action: Try Exploring the App Manually

Next Step: Run the Auth Tester again

This time try exploring the app by clicking on links and filling in fields once ZAP has successfully logged in.

You may need to keep Increasing the “Time to Wait” in order to give you enough time to explore the app.

If ZAP can still not identify the session handling then you will need to do it manually:

Next Step: Manually Identify Session Handling

Background

The Authentication Tester relies on the app to make enough background calls for it to identify the session handling and verification URL.

Traditional web apps might not make enough background calls for ZAP to use, so in this case you need to explore the app in order to give ZAP more to work with.