git-svn-id: http://webgoat.googlecode.com/svn/trunk@28 4033779f-a91e-0410-96ef-6bf7bf53c507

webgoat/main/project/JavaSource/org/owasp/webgoat/session/WebSession.java

@@ -225,6 +225,8 @@ public class WebSession
 	private String feedbackAddress = "<A HREF=mailto:webgoat@aspectsecurity.com>webgoat@aspectsecurity.com</A>";
 
 	private boolean completedHackableAdmin = false;
+	
+	private boolean completedHackableConfig = false;
 
 	private int currentMenu;
 
@@ -724,6 +726,16 @@ public class WebSession
 		return ( completedHackableAdmin );
 	}
 
+	/**
+	 * Has the user ever hacked the hackable config URL
+	 * 
+	 * @return The hackable config value
+	 */
+	public boolean completedHackableConfig()
+	{
+		return ( completedHackableConfig );
+	}
+		
 	/**
 	 * Gets the authenticated attribute of the WebSession object
 	 * 
@@ -1103,6 +1115,14 @@ public class WebSession
 		}
 	}
 
+	public void setHasHackableConfig ( String url)
+	{
+		if ( config.indexOf("config") >= 0)
+		{
+			completedHackableConfig = true;
+		}	
+	}
+	
 	/**
 	 * @return Returns the isDebug.
 	 */