Login Management

Record the login procedure.

About this task

If the site requires login, follow the steps below. Otherwise, select No login required and then click Next to move to the next step of the wizard.

Procedure

  1. Click the Record button.
    • Browser: The browser (as configured in Tools > Options > Preferences) opens.
    • Postman and SoapUI: The client opens, and is automatically configured with the correct port and IP.
    • Other and Remote: You must open and configure the client, as described in Client.
  2. On your chosen client, browse to your application's login page.
  3. Log into the application.
  4. When you are logged in, send a different request as a logged-in user. This "extra" request helps AppScan maintain the session when testing the application.
    • Browser: Click I am logged in to the site (if using the default browser), or simply close the browser (if using an external browser).
    • All other clients: The requests are listed in the External Login Recorder. For more details, see External Login Recorder.
  5. In the External Login Recorder, click Stop recording.
  6. Optionally review the list for unnecessary requests (for example, requests to a different domain), and delete them by selecting them and clicking the minus button.
  7. Click Save to close the recorder.

    The green key icon indicates that in-session status has been detected.

  8. If you select the I want to configure In-Session Detection Options check box, an additional wizard step, Login Management Details, will open when you click Next. Select this only if you need to edit the login sequence or activate/deactivate In-Session detection (see note to previous step).
  9. In the wizard, click Next.

What to do next

Test Policy

If you selected "I want to configure In-Session Detection Options", continue to Login Management Details.