I have manually gone through all the URLs (GET/POST requests) I need the ZAP to scan. However the session always got lost during the full site scan. When I tried to scan only some URLs listed on the site panel (where you can see a list of URL), I multi-selected my targets, right click, in the menu select "Attack", then in the sub-menu all items are grayed-out. I can only select one URL and attack but is there a way to multi-select?
Please let me know if additional information is needed.
Re the session I assume you are talking about the target session rather than the ZAP one. If so then there are various options from setting the session as 'active' on the HTTP Sessions tab to configuring ZAP to understand your apps authentication. To scan multiple targets you can addd then all to the same context and then scan that.