cookieBasedSessionManagement parameters

Question

I'm trying to set session management to cookieBasedSessionManagement via ZAP API.

(http://localhost:9090 is my default zap proxy)

When I ask for parameters I should provide, it gives me an empty array: http://localhost:9090/JSON/sessionManagement/view/getSessionManagementMethodConfigParams/?zapapiformat=JSON&methodName=cookieBasedSessionManagement

{"methodConfigParams":[]}

However when I try to call http://localhost:9090/JSON/sessionManagement/action/setSessionManagementMethod/?zapapiformat=JSON&contextId=auto-context&methodName=cookieBasedSessionManagement&methodConfigParams=

I get

{"code":"missing_parameter","message":"Missing Parameter"}

So I'm curious what the parameters should be - or is it a bug in zap api ?

Ondrej Svejdar Ondrej Svejdar · Accepted Answer · 2016-08-18T13:30:35

In case anyone run into this:

There is a context name and there is a context id. If you pass context name into context id - you'll get this weird error (really the error should be something like unknown context id). Unfortunately the default .NET client API (which I was using for issuing REST requests to local ZED proxy) has all variables as strings - even the context id which really should be an integer.

cookieBasedSessionManagement parameters

1 Answers