ZAP handles multiple types of session management (called Session Management Methods) that can be used for websites / webapps. Each Context has a Session Management Method defined which dictates how sessions are kept.
So far, just a cookie based session management method has been implemented, but the system supports easy addition of new methods, according to user needs.
In the case of this method the session is being tracked through cookies. Currently, the session tokens that are used are imported from the Http Sessions Extension.
Session Contexts Dialog |
Youtube tutorial | of the Authentication, Session Management and Users Management features of ZAP [external link to http://youtu.be/cR4gw-cPZOA]. | |
UI Overview | for an overview of the user interface | |
Features | provided by ZAP | |
Session Contexts Dialog | for an overview of the Session Properties |