session.data File is huge

[Akshay Pramod Pai]

Hi Guys,

   I am facing issues with session file its over 30 GB.

I am using ZAP 2.11.1. I have even tried weekly release version and face the same issue.

Steps Followed

1. Open ZAP

2. Record a Session

3. Persist a Session

4. Run Active Spider

5. Run Passive Spider

6. Start Active scan.

Scan stops in middle due to low disk space.

[Simon Bennetts]

Hiya,

"Record a Session" - that can cover a multitude of sins ;)

If you do very little in the session then I'd expect it to be small.

If you make loads of requests and get large responses back then I'd expect it to be big.

What are you doing in the session?

Has the size changed significantly compared with older ZAP releases?

Cheers,

Simon

[Tanut GinChuu]

Hi, 

I face with cannot open session too. 

I've recorded and then run spider + active scan until it finish first round. 

After developer fix vulnerability, i open session aim to re-run. I wait for 3 hrs nothing happen, until ZAP is not response.

- .session file is 190byte

- .session.data is 31GB (i also try to remove .session.data and then open session from ZAP,  face with error message "Error opening session file")

What should i do to open it (or reduce size of .session.data) and continue testing.

[thc...@gmail.com]

Hi.

Try using the latest weekly, there were changes to improve the time it
takes to load a session.
https://www.zaproxy.org/download/#weekly


To reduce the size of the session you can enable the option Database >
Compact
https://www.zaproxy.org/docs/desktop/ui/dialogs/options/database/#compact-on-exit

That only works if you already have the session open in ZAP though,
alternatively you could open it outside ZAP (it's a HSQLDB) and run the
compact statement.

Best regards.