Introduction
Many websites restrict access to parts of their site to authorised users. So Total Validator needs to be authenticated in order to validate these parts of websites. The original method of doing this was to use HTTP Authentication, in which case the options on the Authentication tab can be used for authentication.
A more modern method is to use a 'login form', where the user enters an id and password and the server sends back a session cookie to say that user has been authenticated.
There are two ways of being authenticated using login forms depending on whether you are using just the Pro tool, or using a browser extension with the Pro tool. In either case you must set the cookie options appropriately (the defaults should work), and ensure that you skip any logoff and delete links.
topPro tool
If you are just using the Pro tool then the Forms tab can be used to detect the login form whilst validating the website. When a form is found that matches any Action URL specified, Total Validator will effectively click the appropriate Submit button sending any hidden or default form parameters together with any parameters that you've explicitly specified (typically your id and password).
If successful the web server will normally return the first secure page and set a session cookie in the tool. The tool can then follow all the links on this page, validating all the secure pages in the usual way. (Note that this assumes that you have entered Pages and include options to allow this to happen.)
Browser extensions
In Chrome/Firefox/SeaMonkey log into the site manually. Your browser should now hold a session cookie containing a reference to your login session. You can now use a browser extension to check the current page. This will pass the session cookie to the Pro tool so that it will have access to the secure pages of the website.
Logoff and delete links
It is very common to add a link to every page behind the login page, which logs you off when clicked. Because Total Validator validates every page it will automatically follow these links and so it will be logged off. Any subsequent pages that are validated will either show as failed links or just be the logon page itself. So the number of pages validated will be very short and this problem easy to spot. Sometimes you will also see errors complaining about links that redirect to themselves when this happens.
You may also have links on your pages that delete or otherwise destroy resources. A common example is to display a list of documents in a table with a column of links to delete each document, or even a 'delete all' link. In this case Total Validator will faithfully follow each link deleting all of the documents. Note that it is good programming practice to replace all such links with submit buttons instead, although this may not always be possible.
You can solve these issues by telling Total Validator to skip these logoff and delete links using the Skip option on the tool or the 'Path to skip' option on the Pro tool tab of the Browser extension.