function SessionTest::testSessionSaveRegenerate
Same name in other branches
- 9 core/modules/system/tests/src/Functional/Session/SessionTest.php \Drupal\Tests\system\Functional\Session\SessionTest::testSessionSaveRegenerate()
- 8.9.x core/modules/system/tests/src/Functional/Session/SessionTest.php \Drupal\Tests\system\Functional\Session\SessionTest::testSessionSaveRegenerate()
- 11.x core/modules/system/tests/src/Functional/Session/SessionTest.php \Drupal\Tests\system\Functional\Session\SessionTest::testSessionSaveRegenerate()
Tests session writing and regeneration.
@covers \Drupal\Core\Session\WriteSafeSessionHandler::setSessionWritable @covers \Drupal\Core\Session\WriteSafeSessionHandler::isSessionWritable @covers \Drupal\Core\Session\SessionManager::regenerate
File
-
core/
modules/ system/ tests/ src/ Functional/ Session/ SessionTest.php, line 35
Class
- SessionTest
- Drupal session handling tests.
Namespace
Drupal\Tests\system\Functional\SessionCode
public function testSessionSaveRegenerate() : void {
$session_handler = $this->container
->get('session_handler.write_safe');
$this->assertTrue($session_handler->isSessionWritable(), 'session_handler->isSessionWritable() initially returns TRUE.');
$session_handler->setSessionWritable(FALSE);
$this->assertFalse($session_handler->isSessionWritable(), '$session_handler->isSessionWritable() returns FALSE after disabling.');
$session_handler->setSessionWritable(TRUE);
$this->assertTrue($session_handler->isSessionWritable(), '$session_handler->isSessionWritable() returns TRUE after enabling.');
// Test session hardening code from SA-2008-044.
$user = $this->drupalCreateUser();
// Enable sessions.
$this->sessionReset();
// Make sure the session cookie is set as HttpOnly. We can only test this in
// the header, with the test setup
// \GuzzleHttp\Cookie\SetCookie::getHttpOnly() always returns FALSE.
// Start a new session by setting a message.
$this->drupalGet('session-test/set-message');
$this->assertSessionCookie(TRUE);
// Verify that the session cookie is set as HttpOnly.
$this->assertSession()
->responseHeaderMatches('Set-Cookie', '/HttpOnly/i');
// Verify that the session is regenerated if a module calls exit
// in hook_user_login().
$user->name = 'session_test_user';
$user->save();
$this->drupalGet('session-test/id');
$matches = [];
preg_match('/\\s*session_id:(.*)\\n/', $this->getSession()
->getPage()
->getContent(), $matches);
$this->assertNotEmpty($matches[1], 'Found session ID before logging in.');
$original_session = $matches[1];
// We cannot use $this->drupalLogin($user); because we exit in
// session_test_user_login() which breaks a normal assertion.
$edit = [
'name' => $user->getAccountName(),
'pass' => $user->passRaw,
];
$this->drupalGet('user/login');
$this->submitForm($edit, 'Log in');
$this->drupalGet('user');
$this->assertSession()
->pageTextContains($user->getAccountName());
$this->drupalGet('session-test/id');
$matches = [];
preg_match('/\\s*session_id:(.*)\\n/', $this->getSession()
->getPage()
->getContent(), $matches);
$this->assertNotEmpty($matches[1], 'Found session ID after logging in.');
$this->assertNotSame($original_session, $matches[1], 'Session ID changed after login.');
}
Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.