ZAP handles multiple types of session management (called Session Management Methods) that can be used for websites and webapps. Each Context has a Session Management Method defined, which dictates how sessions are kept.
With the cookie-based method, the session is tracked through cookies. Currently, the session tokens that are used are imported from the HTTP Sessions Extension.
With the HTTP Authentication method, the session is managed through the HTTP Authorization request header.
The script-based method is useful for websites and webapps whose session management is more complex, where custom scripts that handle the process are beneficial. To use this method, you must first define a Session Management script that analyses messages or performs other actions as needed by your web application. This script is then selected for use for a given Context, and it is called whenever session management actions are performed. Configuration is done in the Session Contexts Dialog and requires the Scripts Console ZAP add-on to be installed from the Marketplace.
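As an added example of what such a Session Management script can look like (written for this page, not one of ZAP's shipped templates), the script below implements the three callbacks the script-based method invokes: extractWebSession, clearWebSessionIdentifiers and processMessageToMatchSession, plus the two parameter-name functions. It assumes a hypothetical application that returns the session token in a JSON login response body of the form {"session": {"token": "..."}} and expects it back in an Authorization: Bearer request header; that JSON shape, the header format and the storage key name are constructed for illustration.

```javascript
// Added example of a ZAP Session Management script (not ZAP's own template).
// Hypothetical target: login responds with {"session":{"token":"..."}} and
// later requests must carry "Authorization: Bearer <token>".

var TOKEN_KEY = "session.token"; // constructed key under which the token is stored

// Pull the token out of a JSON login response body; null if absent or not JSON.
function tokenFromBody(body) {
  try {
    var json = JSON.parse(body);
    if (json && json.session && typeof json.session.token === "string") {
      return json.session.token;
    }
  } catch (e) {
    // not JSON or malformed: treat as "no session established"
  }
  return null;
}

// Called by ZAP when a response may carry a new session (e.g. after authentication).
// The token is kept in the script-based session so later requests can be matched to it.
function extractWebSession(sessionWrapper) {
  var msg = sessionWrapper.getHttpMessage();
  var token = tokenFromBody(msg.getResponseBody().toString());
  if (token !== null) {
    sessionWrapper.getSession().setValue(TOKEN_KEY, token);
  }
}

// Called by ZAP to strip session identifiers, so the message is sent unauthenticated
// (this is how ZAP checks whether a resource is reachable without a session).
function clearWebSessionIdentifiers(sessionWrapper) {
  sessionWrapper.getHttpMessage().getRequestHeader().setHeader("Authorization", null);
}

// Called by ZAP before sending a message, so that it belongs to the given session.
function processMessageToMatchSession(sessionWrapper) {
  var token = sessionWrapper.getSession().getValue(TOKEN_KEY);
  if (token === null || token === undefined) {
    return; // no session established yet: send the message as-is
  }
  sessionWrapper
    .getHttpMessage()
    .getRequestHeader()
    .setHeader("Authorization", "Bearer " + token);
}

// Parameters the user must / may fill in on the Context's Session Management tab.
function getRequiredParamsNames() { return []; }
function getOptionalParamsNames() { return []; }
```

Load it through the Scripts Console as a "Session Management" script, then pick it under the Context's Session Management tab. Keeping the token extraction in a plain function (tokenFromBody) makes the parsing testable outside ZAP with a mocked sessionWrapper, which is worth doing before pointing a scan at a real application, because a script that silently fails to extract the token leaves every authenticated scan running unauthenticated.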
See also:
- Youtube tutorial of the Authentication, Session Management and Users Management features of ZAP: https://youtu.be/cR4gw-cPZOA
- UI Overview, for an overview of the user interface
- Features provided by ZAP
- Session Contexts Dialog, for an overview of the Session Properties