Page 1 of 1

How does eValid handle website with Secure Session IDs

PostPosted: Thu Sep 16, 2021 9:44 am
by JeanneM
Morning.

How do I use eValid to Handle Sites with Multiple Secure Session IDs?

Thanks

Re: How does eValid handle website with Secure Session IDs

PostPosted: Fri Sep 17, 2021 11:17 am
by eValid
JeanneM wrote:Morning.

How do I use eValid to Handle Sites with Multiple Secure Session IDs?

Thanks


Great post to ask JeanneM.

Indeed, some websites use a security method that involves using two or more secure session IDs.

These IDs are assigned by the server and are passed to the browser as the value on the right hand side of a name=value pair.

You might see something like this:

"...???...&SessionID=73323..."

in the URL.

Depending on the server, there can be several of these &name=value pairs.

Unless all of the values for a set of named &name=value pairs are preserved, the session is declared "invalid" by the server.

Your test fails.

eValid provides a special method that supports maintaining these values.

It involves editing the recording to declare a section of the script to be a "secure zone" and declaring to eValid the names of &name=value pairs to be preserved.

If the server you are working with uses, for example, two &name=value pairs called &NAME1= and &NAME2=, your edited script will look like this:

# Regular eValid commands...
...
EnterSecureZone
SecureDataID=NAME1
SecureDataID=NAME2
...
# All your regular commands...
...
ExitSecureZone
...

You can find the values NAME1 and NAME2 when you navigate with eValid in the normal way.

The two SecureDataID commands tell eValid to respect (i.e. preserve) the dynamic values assigned to NAME1 and NAME2.


-- eValid Support