tag:support.arachni-scanner.com,2012-07-01:/discussions/problems/4270-autologin-issue-or-webserver-behaviour-not-supportArachni: Discussion 2018-10-19T07:42:00Ztag:support.arachni-scanner.com,2012-07-01:Comment/426549772017-05-31T14:49:49Z2017-05-31T14:49:49Zautologin issue or webserver behaviour not support ?<div><p>You either need to use a login script and set a more <a href="http://support.arachni-scanner.com/kb/general-use/logging-in-and-maintaining-a-valid-session#advanced-session-check-configuration">advanced login check</a> that uses a POST request or keep using the autologin plugin but set a session check URL and check to a page that accepts a GET request.</p></div>Tasos Laskostag:support.arachni-scanner.com,2012-07-01:Comment/426549772017-06-01T05:54:44Z2017-06-01T06:37:37Zautologin issue or webserver behaviour not support ?<div><p>Damn, i completely missed the --session-check-url, --session-check-pattern options, i will do a try.<br>
Thanks a lot Tasos.</p></div>sebastien.aucouturiertag:support.arachni-scanner.com,2012-07-01:Comment/426549772017-06-01T07:47:05Z2017-06-01T14:29:26Zautologin issue or webserver behaviour not support ?<div><p>OK tasos, on the flask website it works fine, thanks a lot,<br>
i try another website, and got a behaviour i do not understand</p>
<p>i works fine when use --autologin --scope-exclude-pattern<br>
authenticaction is ok</p>
<p>when i add the --session-check-url , --session-check-pattern using the same parameters as the autologin, authentication failed , what is my missunderstood ?</p>
<p>ex :<br>
OK:</p>
<pre>
<code>plugin=autologin:url=http://192.168.0.21,parameters="user=admin&pwd=amin",check=authentified --scope-exclude-pattern=logout</code>
</pre>
<p>NOK:</p>
<pre>
<code>plugin=autologin:url=http://192.168.0.21,parameters="user=admin&pwd=amin",check=authentified --scope-exclude-pattern=logout --session-check-url=http://192.168.0.21 --session-check-pattern=authentified</code>
</pre></div>sebastien.aucouturiertag:support.arachni-scanner.com,2012-07-01:Comment/426549772017-06-01T14:31:08Z2017-06-01T14:31:08Zautologin issue or webserver behaviour not support ?<div><p>Does the homepage actually include the word <code>authenticated</code>? Maybe you're hitting a redirect?</p></div>Tasos Laskostag:support.arachni-scanner.com,2012-07-01:Comment/426549772017-06-05T07:08:10Z2017-06-05T07:08:10Zautologin issue or webserver behaviour not support ?<div><p>yes i hit a redirect :-( and change the check page and it looks fine.<br>
Many thanks for help<br>
you can close the ticket.</p></div>sebastien.aucouturier