You can use a session cookie to scan behind login and test parts of your website that are only available to logged-in users.
1. Log in
Go to your website and log in.
2. Extract the session cookie
Look at the cookies in your browser and extract the session cookie your system is using to keep track of your user session.
3. Add the cookie to your scan profile
Add the cookie to your scan profile under Application Scan Profile Settings - Authentication.
4. You're all set!
Please note that session cookies only last a limited amount of time. Unless you have a way to keep sessions alive for a long time, using session cookies is not ideal as a form of authentication. If you'd like to scan behind login, we recommend you use Recorded Login. Recorded Login teaches the scanner how to log in and allows it to use the same login flow as your users.
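Before adding the cookie, you can check whether it will outlast the scan. The following is an added example, not part of the scanner or of the original guide: it reads the value of the `Set-Cookie` response header from your login response and compares the cookie's lifetime with the expected scan duration. The function names, the cookie name `sessionid` and the sample header values are assumptions made for the illustration.

```python
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime
from http.cookies import SimpleCookie

# Constructed sample Set-Cookie header values (not from any real site).
# The cookie name "sessionid" is an assumption; use your application's name.
EXPIRES_HEADER = "sessionid=abc123; Expires=Wed, 21 Oct 2026 07:28:00 GMT; Path=/; Secure; HttpOnly"
MAX_AGE_HEADER = "sessionid=abc123; Max-Age=86400; Path=/; Secure; HttpOnly"
SESSION_ONLY_HEADER = "sessionid=abc123; Path=/; Secure; HttpOnly"


def cookie_lifetime(set_cookie_value, name, now=None):
    """Return the cookie's remaining client-side lifetime as a timedelta,
    or None when it has neither Max-Age nor Expires (session-only cookie)."""
    now = now or datetime.now(timezone.utc)
    jar = SimpleCookie()
    jar.load(set_cookie_value)  # header value only, without "Set-Cookie: "
    if name not in jar:
        raise KeyError(f"cookie {name!r} not found in header value")
    morsel = jar[name]
    if morsel["max-age"]:
        # Max-Age takes precedence over Expires (RFC 6265).
        return timedelta(seconds=int(morsel["max-age"]))
    if morsel["expires"]:
        return parsedate_to_datetime(morsel["expires"]) - now
    return None


def scan_verdict(set_cookie_value, name, scan_duration, now=None):
    """Classify the cookie against the expected scan duration.

    "ok"               cookie attributes outlast the scan
    "expires-mid-scan" cookie expires before the scan would finish
    "unknown"          no expiry attribute; only the server-side session
                       timeout applies, and the header cannot reveal it
    """
    lifetime = cookie_lifetime(set_cookie_value, name, now)
    if lifetime is None:
        return "unknown"
    return "ok" if lifetime >= scan_duration else "expires-mid-scan"


if __name__ == "__main__":
    two_hours = timedelta(hours=2)
    for header in (EXPIRES_HEADER, MAX_AGE_HEADER, SESSION_ONLY_HEADER):
        print(scan_verdict(header, "sessionid", two_hours), "<-", header)
```

An "ok" verdict only covers the cookie's own attributes; the application may still end the session earlier on the server side, for example after an idle timeout.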