Quality Testing

Quality is delighting customers

How to test when the web application expired time (cookies,sessions testing) in real time ?

How to test when the web application expired time (cookies,sessions testing) in real time

Views: 490

Reply to This

Replies to This Discussion

If you have access to Web.xml file you can check it. In web.xml file you can check session time out like below...

< session-config >
< session-timeout >120< /session-timeout >
< cookie-config >
< path >/< /path >
< /cookie-config >
< tracking-mode >COOKIE< /tracking-mode >
< /session-config >

That works only with a few technologies. There is plenty of different web technologies, and they all have own way to check the session validity. In some cases it's even embedded to the code, so there isn't simple solution.

Here's one idea: Just wait until the session timeouts. Usually the simplest way to test it, is to open the session at evening, and check at morning if it is valid. Then you have at least the basic idea if the session timeouts at all. If it doesn't, then it just doesn't. Also asking from devs how quickly they should time out and then waiting for that time with timer and see what happens. Or ask them to modify the timeout to smaller so you can see how it behaves at timeout.

Session/Cookies testing is part of web application security testing. You can test the session timeout by following these steps :

1.Check session session-timeout:

 for Java:

Check Web.xml

"<!-- Session Configuration --> /span>session-config>/span>session-timeout>60</session-timeout> </session-config"

for .net

Check web.config

"/span>sessionState timeout="1" mode="InProc" />"

2. After checking the session time out. Navigate to appropriate page of the application and leave the page
idle for bit more than session time out time.

Hope this will help!!



TTWT Magazine





© 2022   Created by Quality Testing.   Powered by

Badges  |  Report an Issue  |  Terms of Service