Skip to main content

Form authentication upgrade guide

When upgrading to Invicti Platform, existing form authentication configurations are carried over to ensure scan stability as Login sequence recorder - LSR with specific limitations.

This document explains what is carried over, what requires review, and what customers should update post-upgrade.

What is carried over

  • Login steps are carried over during upgrade.
  • Recorded navigation, form submissions, and credentials remain intact.

This ensures the scanner can still perform the login flow as originally configured.

What isn't carried over

After upgrade, the following LSR components are intentionally left empty:

Session detection and session validation

  • Session validation patterns aren't carried over.
  • The scanner won't automatically detect authenticated vs unauthenticated states until these are defined.

Logout restrictions

  • Logout detection and restrictions aren't carried over.
  • Without configuration, the scanner may unintentionally trigger logout actions during the scan.

Required customer action

Customers must review and update their Login sequence recorder configuration after the upgrade.

This includes:

  • Defining session validation patterns.
  • Configuring logout restrictions.

Refer to the login sequence recorder documentation for step-by-step guidance.

Temporary requirement until Platform improvements

The following enhancements are currently in progress within Invicti Platform:

  • Automatic session detection improvements.
  • Improved handling of logout restrictions.

Until these improvements become available:

  • Customers must manually configure session validation and logout restrictions within the LSR settings, using the previously mentioned documentation.

Recommended post-upgrade checklist

After upgrading to Invicti Platform:

  1. Open the Login sequence recorder configuration
  2. Verify login steps execute successfully
  3. Define session validation patterns to confirm authenticated state
  4. Configure logout restrictions to prevent unintended session termination
  5. Save and re-test the authentication flow

Summary

  • Login steps are carried over successfully
  • Session detection and logout restrictions aren't carried over by design
  • Customers must review and update LSR settings post-upgrade
  • Temporary manual configuration is required until upcoming platform improvements are released

Need help?

Invicti Support team is ready to provide you with technical help. Go to Help Center

Last updated on
Was this page useful?