Application Login Session
During the manual audit/scan, why does the burp logsout the application under audit/scan?
During the audit/scan, some of the requests are resulting in request timed out? Is it expected and what could be the reason?
During the audit/scan, is it necessary to maintain an active session of the application under scan or Burp has the capability to handle this automatically?
Would you be able to tell us a bit more about what’s happening with the logout during a manual audit/scan? Could you clarify that you are referring to Burp logging itself out of the target application during the scan?
Requests can time out for a number of reasons, as a starting point, it could be worth throttling the requests and seeing if this helps the website respond more quickly. Information on how to configure the resource pool can be found here: https://portswigger.net/blog/burp-2-0-how-do-i-throttle-requests.
To respond to your final question fully, we would need to know more about the authentication requirements of the target application as this could require a combination of various Burp tools to maintain a successful session during scanning.