HelpUiTabsHttpsessions
This tab shows you the set of identified HTTP sessions for each Site, as detected by the HTTP Sessions extension.
The Site that the displayed information refers to can be selected via the toolbar or the Sites tab.
The toolbar provides a "New Session" button, which starts a new session by forcing all outgoing request messages to be sent without the session tokens set, so that the server treats them as belonging to a new session. This creates a new session without destroying the old one.
Each of the entries in the Sessions table (each session) initially has a generated name, but it can be changed by selecting the 'Name' cell and editing it.
Each of the entries in the Sessions table can be right-clicked, which opens the Popup Menu with the following options:
- Copy Session Token Value to Clipboard - copies the value of the selected session to the clipboard.
- Remove Session - deletes the session.
- Find Related Messages - makes the Search tab active and displays the results of a search for the string shown in the "Session Tokens' Values" column of the session that was right-clicked.
- Set as active (available only on non-active sessions) - marks this session as active. If another session was previously set as active, it is unset as active and, if it doesn't specify any token values, it is deleted.
- Unset as active (available only on the active session) - marks this session as no longer active. If the session doesn't specify any token values, it is deleted.
More details about the active session can be found on the general concepts help page of the HTTP Sessions extension.
For each session you can see:
- Active - Whether this is the active session or not
- Name - The session name
- Session Tokens' Values - the list of values associated with each of the session tokens. The entries are separated by the ';' symbol.
- Messages Matched - the number of HTTP messages that have been matched by the extension with this session
- UI Overview - for an overview of the user interface
- HTTP Sessions Extension - for an overview of the extension
- HTTP Sessions Options screen - for an overview of the extension's Options