Introduction
Many websites restrict access to parts of their site to authorised users. So Total Validator needs to be authenticated in order to validate these parts of websites. The original method of doing this was to use HTTP Authentication, in which case the options on the Authentication tab can be used for authentication.
A more modern method is to use a 'login form', where the user enters an id and password and the server sends back a session cookie to say that user has been authenticated.
There are two ways of being authenticated using login forms depending on whether you are using just the Pro tool, or using the Firefox/SeaMonkey Extension with the Pro tool. In either case you must set the cookie options appropriately (the defaults should work), and ensure that you skip any logoff links.
Pro tool
If you are just using the Pro tool then the Forms tab can be used to detect the login form whilst validating the website. When a form is found that matches the Action URL specified, Total Validator will click the appropriate Submit button sending any hidden or default form parameters together with any parameters that you've explicitly specified (typically your id and password).
If successful the web server will normally return the first secure page and set a session cookie in the tool. The tool can then follow all the links on this page, validating all the secure pages in the usual way. (Note that this assumes that you have entered Pages and Depth options to allow this to happen.)
Extension
In Firefox or SeaMonkey surf to the login form enter your details and click the submit button yourself. Your browser should now hold a session cookie containing a reference to your login session. You can now use the Browser extension to check the current page and this cookie will be passed to the Pro tool so that it will have access to the secure pages of the website. Note that session cookies normally have an expiry time associated with them so don't wait long before validating the site.
Logoff links
It is very common to add a link to every page behind the login page, which logs you off when clicked. Because Total Validator validates every page it will automatically follow these links and so it will be logged off. Any subsequent pages that are validated will either show as failed links or just be the logon page itself. So the number of pages validated will be very short and this problem easy to spot.
The solution is to tell Total Validator to skip the logoff links using the Skip option on the tool or the 'Path to skip' option on the Pro tool tab of the Browser extension.