Automation framework authentication doesn't work while authentication tool does

JD

Jun 17, 2025, 7:42:25 AM
to ZAP User Group
Hi all, 
I have had an automation framework setup that worked for a while.
The authentication was set up using the authentication tester tool, which works and authenticates fully:
[image: Screenshot From 2025-06-17 13-13-11.png]
This worked inside a CI/CD pipeline for several months using the ZAP Docker image zaproxy/zap-stable:2.16.0 (we are still using 2.16.0).


However, recently it fails when spidering with this error:

Job spider failed to access URL https://test.<redacted>.de : Duplicate key JSESSIONID (attempted merging values S1UORXS_8UY0_ez8btH1SPUAwhKKR-gF0vdrMRfv.testi1 and 4BGYqs_UORErBL0yZ3kLRq484rDDr-eWY0YAPItP.test1)

This issue also occurs when running the script in the GUI.
All I found when googling was this: Question with same error message

When I create a new script via the authentication tester tool, it works within the GUI. If, however, I save the script to a YAML file, close the session, open ZAP again and run the script, ZAP manages to authenticate but has the same error.

```yaml
env:
  contexts:
  - name: Authentication Test
    urls:
    - https://test.<redacted>.de
    includePaths:
    - https://test.<redacted>.de.*
    authentication:
      method: browser
      parameters:
        loginPageUrl: https://test.<redacted>de/<redacted>/login.html
        loginPageWait: 2
        browserId: firefox
        steps: []
      verification:
        method: poll
        loggedInRegex: \Q 200 OK\E
        loggedOutRegex: \Q 302 Found\E
        pollFrequency: 60
        pollUnits: requests
        pollUrl: https://test.<redacted>.de/url
        pollPostData: <postdata>
        pollAdditionalHeaders:
        - header: content-type
          value: text/x-gwt-rpc; charset=utf-8
    sessionManagement:
      method: headers
    technology: {}
    structure: {}
    users:
    - name: test-admin
      credentials:
        password: <redacted>
        username: <redacted>
  parameters: {}
jobs:
- type: passiveScan-config
  parameters: {}
- type: spider
  parameters: {}
  tests:
  - name: At least 100 URLs found
    type: stats
    onFail: INFO
    statistic: automation.spider.urls.added
    operator: '>='
    value: 100
```

If anyone has any insights into what could be causing this and how to fix it, I'd be very grateful :)

thc202

Jun 17, 2025, 8:30:31 AM
to zaprox...@googlegroups.com
Hi,

This has been fixed in the weekly releases; the affected add-on was not
yet released to the marketplace.

Best regards.

On 17/06/2025 12:32, JD wrote:
> Hi all,
> I have had an automation framework setup that worked for a while.
> The Authentication was setup using the authentication tester tool which
> works and authenticates fully:
> [image: Screenshot From 2025-06-17 13-13-11.png]
> This worked inside a cicd pipeline for several months using zap docker
> image: zaproxy/zap-stable:2.16.0 (we are still using 2.16.0)
>
>
> However recently it fails when spidering with this error:
>
> Job spider failed to access URL https://test.<redacted>.de : Duplicate key
> JSESSIONID (attempted merging values
> S1UORXS_8UY0_ez8btH1SPUAwhKKR-gF0vdrMRfv.testi1 and
> 4BGYqs_UORErBL0yZ3kLRq484rDDr-eWY0YAPItP.test1)
>
> This issue also occurs when running the script in the gui.
> All I found when googling was this: Question with same error message
> <https://groups.google.com/g/zaproxy-users/c/zIFbNfgX87I/m/LuQ2NVgMBgAJ>