Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

Session Validity Check

Sebastian | Last updated: Feb 20, 2018 11:26AM UTC

Hello, I have a couple of cases where I need two session handling rules: 1. One for logging in after deauth/logout 2. One for checking for 500 responses and reacting with a POST When I fire the request (causing logout) and check the tracer, it detects the invalid session and executes the login macro, so all fine. When I fire the request (causing 500) and check the tracer, it runs the first session check and finds the session is valid, then it stops checking for the second condition. In my opinion it should sequentially go through all rules (&&) instead of quitting after the first condition returns true (||). Thanks, Sebastian

Liam, PortSwigger Agent | Last updated: Feb 20, 2018 03:02PM UTC

At a first look this sounds like a reasonable feature request. We'll discuss this internally and see if we can implement this. In the meantime, a simple extension would be able to help you. Please let us know if you need any further assistance.

Burp User | Last updated: Mar 02, 2018 12:38PM UTC

Hi Paul, I really thought this is a bug, as its not intended behaviour (ignoring a second rule) if you need to implement two independent session checks. I'm just stumbling over this every time and I've always used an extension to solve the issue, but a simple tickbox or codechange in Burp would be so much easier. Anyways, would be very happy to see this changed, let me know what I can to do so it gets into the pipeline... Cheers, Sebastian

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.