Using a browser
About this task
If a login sequence has been configured (see Login tab), there are two options when
recording a multi-step operation:
- Log in and then record
- AppScan will log in to the application automatically (using the login you recorded) before
the browser opens. You can then record your multi-step operation without recording the login
requests. This method has the advantage that the login requests will not be replayed every
time this sequence is played, but only if AppScan is out-of-session.Note: Parameters and cookies that are present in the Multi-Step sequence but not in the Login sequence, are always tracked as Dynamic, even if you change their tracking to Login Value.
- Record without login
- AppScan will begin recording the sequence without logging in. When the browser opens you
record your multi-step sequence directly. If you need to log in, the login will be part of
the recording and will therefore be replayed every time the sequence is played, which can
significantly increase scan time. Where login is required, the best practice is to use the
previous option.Note: If you use this option and then record login requests as part of the sequence, parameters and cookies received are always tracked as Dynamic, even if they are Login requests, and even if you change their tracking to Login Value.
If no login sequence has been configured there is just one option: Record.
Important: During playback of a multi-step operation, in-session detection is Off (see
Login tab). This means
that AppScanĀ® does not verify that it is logged in.
Therefore, if the failure of the sequence will cause the user to be logged out of the application,
it is important that login be recorded as part of the sequence (so it will be replayed each time the
sequence runs). If this is not done the multi-step operation may fail.