I would like to point out that HTTP sender script don't processes active scan request after re-auth.
I have automatic plan with active scan and script auth and check session strategy with checking every response, and http sender script that check and replace headers auth token.
When active scanner send request with response contained trigger to re auth, active scan was stopping.
Auth script works done.
HTTP sender script get a new global variable with autn token to set it in header.
And active scan was go on, with request that triggered response with re-auth regex.
But in this request, that was sends second time, auth header dont replaced. It mean that http sender script dont processed this request.
Because of this I have response with re-auth trigger and endless loop of authentication.
How it can be fixed?
The obvious solution is a strategy for poll a specific URL.
But I would like to understand whether it is possible to do it by checking each response.