# Validating Browser Sessions

Browser session validation checks that a recorded session works before security scans. It verifies authentication, that actions can be replayed, and that the site behaves as expected.

### Validation States

Sessions have three states:

1. **Pending Validation (Yellow)** - Not yet validated. New sessions start here.
2. **Validated (Green) -** All checks passed. Ready for scans.
3. **Validation Failed (Red)** - At least one check failed. Fix issues before using.

### Validation Checks

<figure><img src="/files/4jabmDJ0s2Td2wmkQgYP" alt=""><figcaption></figcaption></figure>

#### 1. Authenticated Check

Checks if the session authenticates correctly when loaded.

* Loads the session (cookies, storage)
* Visits the authentication URL
* Compares the result to the expected authenticated page

Passed: Shows authenticated content (dashboard, profile, etc.)

Failed: Shows login page or error (session expired/invalid)

***

#### 2. Unauthenticated Check

Checks if the site shows the login page when no session is present.

* Visits the same URL without session data
* Compares to the expected unauthenticated page

Passed: Shows login page or "access denied"

Failed: Shows authenticated content (security issue)

***

#### 3. Replay Test

Checks if the recorded browser actions can be replayed successfully.

* Replays the recorded actions (clicks, typing, navigation)
* Compares the final page to the expected authenticated state

Passed: Actions complete and result in authenticated state

Failed: Actions fail or don't reach authenticated state

***

#### 4. Parallel Tab Testing

Checks if the application can handle 3 authenticated tabs open at the same time

* Opens 3 tabs with authenticated session
* Reloads all tabs simultaneously to simulate actions like refreshing the page/navigation

Passed: All tabs maintain the authenticated state after reloads

Failed: Any one of the tab does not maintain the authenticated state

***

### How to Trigger Validation

1. Open the Browser Session Manager modal by clicking **Import Browser Session** while configuring an assessment for a domain.

   <figure><img src="/files/ZIY7jwbQ8BF9ALV41lhV" alt=""><figcaption></figcaption></figure>
2. Select an existing session from the dropdown. The session loads in preview mode
3. (Optional) Review or edit session details, context, tags, or browser actions.
4. Click "Validate Session" and wait 1-2 minutes (You can view the live process of validation on the VNC URL).

   <figure><img src="/files/rsTFKrJu15sNKDisCQXt" alt=""><figcaption></figcaption></figure>
5. Review results when they appear. Green borders = passed, red borders = failed. Click the eye icon to view screenshots.

{% hint style="warning" %}
Please note: If any of the validations fail the scan that triggered might not be successful, please ensure all 3 checks pass before running an authenticated scan.
{% endhint %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://copilot-docs.bugbase.ai/enterprise/how-to-trigger-an-external-scan/validating-browser-sessions.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.