Validating Browser Sessions

After creating a browser session, validate it to ensure successful scans.

Browser session validation checks that a recorded session works before security scans run. It verifies that the session authenticates, that recorded actions can be replayed, and that the site behaves as expected.

Validation States

Sessions have three states:

  1. Pending Validation (Yellow) - Not yet validated. New sessions start here.

  2. Validated (Green) - All checks passed. Ready for scans.

  3. Validation Failed (Red) - At least one check failed. Fix issues before using.

Validation Checks

1. Authenticated Check

Checks if the session authenticates correctly when loaded.

  • Loads the session (cookies, storage)

  • Visits the authentication URL

  • Compares the result to the expected authenticated page

Passed: Shows authenticated content (dashboard, profile, etc.)

Failed: Shows login page or error (session expired/invalid)


2. Unauthenticated Check

Checks if the site shows the login page when no session is present.

  • Visits the same URL without session data

  • Compares to the expected unauthenticated page

Passed: Shows login page or "access denied"

Failed: Shows authenticated content (security issue)


3. Replay Test

Checks if the recorded browser actions can be replayed successfully.

  • Replays the recorded actions (clicks, typing, navigation)

  • Compares the final page to the expected authenticated state

Passed: Actions complete and result in authenticated state

Failed: Actions fail or don't reach authenticated state


4. Parallel Tab Testing

Checks if the application can handle 3 authenticated tabs open at the same time.

  • Opens 3 tabs with the authenticated session

  • Reloads all tabs simultaneously to simulate actions like refreshing the page/navigation

Passed: All tabs maintain the authenticated state after reloads

Failed: Any one of the tabs does not maintain the authenticated state
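
The pass/fail logic of checks 1, 2 and 4 can be reproduced outside the product to triage a failing session. This is an added example, not the product's own code: plain HTTP requests stand in for browser tabs, the replay test is omitted, and the local test site, cookie value, marker strings and function names are all constructed assumptions.

```python
import threading, urllib.request
from concurrent.futures import ThreadPoolExecutor
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

COOKIE = "sid=constructed-session"  # constructed sample session cookie
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # ignore proxy env

class App(BaseHTTPRequestHandler):
    """Constructed stand-in site: dashboard with the cookie, login page without."""
    def do_GET(self):
        authed = self.headers.get("Cookie") == COOKIE
        body = b"<h1>Dashboard</h1>" if authed else b"<h1>Login</h1>"
        self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)
    def log_message(self, *args):  # keep the demo quiet
        pass

def fetch(url, cookie=None):
    req = urllib.request.Request(url, headers={"Cookie": cookie} if cookie else {})
    with OPENER.open(req, timeout=5) as resp:
        return resp.read().decode()

def validate(url, cookie, auth_marker="Dashboard", login_marker="Login"):
    """Run the authenticated, unauthenticated and parallel-tab checks."""
    anon = fetch(url)  # same URL, no session data
    results = {
        "authenticated": auth_marker in fetch(url, cookie),
        # Must show the login page and must NOT leak authenticated content.
        "unauthenticated": login_marker in anon and auth_marker not in anon,
    }
    with ThreadPoolExecutor(max_workers=3) as pool:  # 3 "tabs" reloading at once
        pages = list(pool.map(lambda _: fetch(url, cookie), range(3)))
    results["parallel_tabs"] = all(auth_marker in p for p in pages)
    results["state"] = "Validated" if all(results.values()) else "Validation Failed"
    return results

def run_demo():
    server = ThreadingHTTPServer(("127.0.0.1", 0), App)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    url = f"http://127.0.0.1:{server.server_port}/account"
    try:  # first a valid session, then an expired one
        return validate(url, COOKIE), validate(url, "sid=expired")
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    for outcome in run_demo():
        print(outcome)
```

The expired cookie fails the authenticated and parallel-tab checks while the unauthenticated check still passes, which is the pattern to expect when a session has simply timed out rather than when the site's access control is broken.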


How to Trigger Validation

  1. Open the Browser Session Manager modal by clicking Import Browser Session while configuring an assessment for a domain.

  2. Select an existing session from the dropdown. The session loads in preview mode.

  3. (Optional) Review or edit session details, context, tags, or browser actions.

  4. Click "Validate Session" and wait 1-2 minutes. You can watch the validation process live on the VNC URL.

  5. Review results when they appear. Green borders = passed, red borders = failed. Click the eye icon to view screenshots.
