Logout detection - Configuration

During a scan, Acunetix 360 follows all links and submits forms, which can sometimes result in session termination and logout during an authenticated scan. However, even after logging out, Acunetix 360 must continue scanning the entire website, including sections that are typically restricted to logged-in users.

NOTE:

Before starting a scan, you need to confirm form authentication by providing Acunetix 360 with details about the pages that require login.

This document provides instructions on how to configure both redirect-based and keyword-based logout detection.

If you encounter any issues during logout detection, refer to our Logout detection issues documentation.

How to configure logout detection

  • In Acunetix 360, select Scans > New Scan
  • Enter the Target URL and select the Scan profile
  • In the Scan options, select Form

  • Enable the Form Authentication checkbox
  • In the Login Form URL field, enter the URL of the login form

  • Click New Persona and fill in the Username and Password fields
  • Select Verify login & logout to start the verification process

  • When the process is complete, the Login Simulation and Logout Detection sections are displayed side by side

There are three options for logout detection. Continue with your preferred option:

  1. Redirect-based logout detection
  2. Keyword-based logout detection
  3. None: no logout detection is used. Select None for the Detection type.

If your login form is not supported, refer to the Authentication for unsupported forms documentation to configure custom scripts for form authentication.

How to configure redirect-based logout detection

  • Enable the Redirect Based checkbox in the Detection type

  • Verify the Login Required URL and the Redirect URL Pattern
  • Select Reverify logout settings
  • Before clicking OK, ensure the logout detection was successful

How to configure keyword-based logout detection

  • Enable the Keyword Based checkbox in the Detection type

  • Verify the Login Required URL
  • Click New Keyword to enter keywords. Specify as many keywords as needed. Acunetix 360 must match all keywords in an HTTP response to confirm session termination. To use regular expressions, check the "Is Regex?" box next to the keyword pattern.

TIP:

To improve accuracy, avoid using generic keywords and prefer more specific RegEx patterns.

For example, instead of using "username" as a keyword, which might appear on multiple pages, you can use a more specific RegEx pattern like:

<input .*username.*>

  • Select Reverify logout settings
  • Before clicking OK, ensure the logout detection was successful
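Candidate keywords can be checked offline before they are entered in the scan settings. The following is an added example, not Acunetix 360 code: it applies the rule that all keywords must match to constructed logged-in and logged-out responses and lists the pages a keyword set misclassifies. Python's `re` module stands in for the scanner's regex engine, matching is assumed to be case-sensitive, and the function names and sample pages are assumptions.

```python
import re

def keyword_matches(body, pattern, is_regex):
    """One keyword: literal substring, or a regex when "Is Regex?" is checked."""
    if is_regex:
        return re.search(pattern, body) is not None
    return pattern in body

def is_logged_out(body, keywords):
    """A response counts as a logout only if every keyword matches it."""
    return all(keyword_matches(body, p, rx) for p, rx in keywords)

def evaluate(keywords, samples):
    """Return the labels of samples where detection disagrees with reality."""
    return [label for label, body, expected in samples
            if is_logged_out(body, keywords) != expected]

# Constructed sample responses (not captured from a real site).
LOGIN_PAGE = ('<form action="/login" method="post">'
              '<input type="text" name="username" id="username">'
              '<input type="password" name="password"></form>')
PROFILE_PAGE = ('<h1>Profile</h1><p>Your username: alice</p>'
                '<a href="/logout">Log out</a>')

# (label, response body, True if the session is really logged out)
SAMPLES = [
    ("login page", LOGIN_PAGE, True),
    ("profile page", PROFILE_PAGE, False),
]

# Keyword sets as (pattern, is_regex) pairs.
GENERIC = [("username", False)]               # the generic keyword from the tip
SPECIFIC = [(r"<input .*username.*>", True)]  # the regex from the tip

if __name__ == "__main__":
    for name, keywords in (("generic", GENERIC), ("specific", SPECIFIC)):
        wrong = evaluate(keywords, SAMPLES)
        print(f"{name}: misclassified = {wrong or 'none'}")
```

The generic keyword flags the authenticated profile page as a logout, which would trigger unnecessary re-logins during the scan; the regex matches only the login form.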

 
