Scanning behind login with a session cookie

You can use a session cookie to scan behind login and test parts of your website that are only available to logged-in users.

1. Log in

Go to your website and log in.

2. Extract the session cookie

Look at the cookies in your browser and extract the session cookie your system is using to keep track of your user session.

3. Add the cookie to your scan profile

Add the cookie to your scan profile under Application Scan Profile Settings - Authentication.

4. You're all set!

Please note that session cookies only last a limited amount of time. Unless you have a way to keep sessions alive for a long time, using session cookies is not ideal as a form of authentication. If you'd like to scan behind login, we recommend you use Recorded Login. Recorded Login teaches the scanner how to log in and allows it to use the same login flow as your users.
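
The following check is an added example, not part of the product or of the original page. It parses Set-Cookie headers copied from the login response, picks the likely session cookie from step 2, and reports whether its client-side lifetime covers a planned scan. The sample headers are constructed, and the function names and the ranking heuristic (HttpOnly flag plus a session-like name) are assumptions.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Constructed sample: Set-Cookie values as copied from a login response.
SAMPLE_HEADERS = [
    "sessionid=3f9a1c0e7b; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=1800",
    "theme=dark; Path=/; Expires=Wed, 01 Jan 2031 00:00:00 GMT",
    "csrftoken=ab12cd34; Path=/; Secure",
]

def parse_set_cookie(header, now):
    """Split one Set-Cookie value into name, value, flags and client-side expiry."""
    first, *attrs = [part.strip() for part in header.split(";")]
    name, _, value = first.partition("=")
    cookie = {"name": name, "value": value,
              "httponly": False, "secure": False, "expires_in": None}
    max_age = expires = None
    for attr in attrs:
        key, _, val = attr.partition("=")
        key = key.strip().lower()
        if key in ("httponly", "secure"):
            cookie[key] = True
        elif key == "max-age":
            max_age = int(val)
        elif key == "expires":
            expires = parsedate_to_datetime(val.strip())
    # Max-Age takes precedence over Expires when both are present (RFC 6265).
    if max_age is not None:
        cookie["expires_in"] = max_age
    elif expires is not None:
        cookie["expires_in"] = int((expires - now).total_seconds())
    return cookie

def pick_session_cookie(headers, now=None):
    """Assumed heuristic: prefer HttpOnly cookies, then session-like names."""
    now = now or datetime.now(timezone.utc)
    cookies = [parse_set_cookie(h, now) for h in headers]
    def score(c):
        lowered = c["name"].lower()
        return (c["httponly"], any(k in lowered for k in ("sess", "sid", "auth")))
    return max(cookies, key=score)

def usable_for_scan(cookie, scan_seconds):
    """True if the cookie's client-side lifetime covers the planned scan.
    expires_in of None means no Expires/Max-Age was set on the cookie."""
    return cookie["expires_in"] is None or cookie["expires_in"] >= scan_seconds
```

A cookie without Expires or Max-Age can still be invalidated by a server-side idle timeout, which is not visible in the header.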