function SessionTest::testSessionSaveRegenerate

Same name in other branches
  1. 9 core/modules/system/tests/src/Functional/Session/SessionTest.php \Drupal\Tests\system\Functional\Session\SessionTest::testSessionSaveRegenerate()
  2. 10 core/modules/system/tests/src/Functional/Session/SessionTest.php \Drupal\Tests\system\Functional\Session\SessionTest::testSessionSaveRegenerate()
  3. 11.x core/modules/system/tests/src/Functional/Session/SessionTest.php \Drupal\Tests\system\Functional\Session\SessionTest::testSessionSaveRegenerate()

Tests \Drupal\Core\Session\WriteSafeSessionHandler::setSessionWritable(), ::isSessionWritable() and \Drupal\Core\Session\SessionManager::regenerate().

File

core/modules/system/tests/src/Functional/Session/SessionTest.php, line 34

Class

SessionTest
Drupal session handling tests.

Namespace

Drupal\Tests\system\Functional\Session

Code

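/**
 * Tests the write-safe session handler toggle and session ID regeneration.
 *
 * Three things are checked in order:
 * - the 'session_handler.write_safe' service reports and honours its
 *   writable flag;
 * - the response that starts a session carries an HttpOnly marker in its
 *   Set-Cookie header;
 * - the session ID reported by 'session-test/id' before login differs from
 *   the one reported after login.
 */
public function testSessionSaveRegenerate() {
    $session_handler = $this->container
        ->get('session_handler.write_safe');
    $this->assertTrue($session_handler->isSessionWritable(), 'session_handler->isSessionWritable() initially returns TRUE.');
    $session_handler->setSessionWritable(FALSE);
    $this->assertFalse($session_handler->isSessionWritable(), '$session_handler->isSessionWritable() returns FALSE after disabling.');
    $session_handler->setSessionWritable(TRUE);
    $this->assertTrue($session_handler->isSessionWritable(), '$session_handler->isSessionWritable() returns TRUE after enabling.');
    // Test session hardening code from SA-2008-044.
    $user = $this->drupalCreateUser();
    // Enable sessions.
    $this->sessionReset();
    // Make sure the session cookie is set as HttpOnly, so that page scripts
    // cannot read it. We can only test this in the header, because with the
    // test setup \GuzzleHttp\Cookie\SetCookie::getHttpOnly() always returns
    // FALSE.
    // Start a new session by setting a message.
    $this->drupalGet('session-test/set-message');
    $this->assertSessionCookie(TRUE);
    // NOTE(review): the pattern matches "HttpOnly" anywhere in the returned
    // Set-Cookie value; it does not tie the attribute to the session cookie by
    // name, and other cookie attributes are not checked here.
    $this->assertRegExp('/HttpOnly/i', $this->drupalGetHeader('Set-Cookie', TRUE), 'Session cookie is set as HttpOnly.');
    // Verify that the session is regenerated if a module calls exit
    // in hook_user_login().
    $user->name = 'session_test_user';
    $user->save();
    // Record the session ID handed out before authentication.
    $this->drupalGet('session-test/id');
    $matches = [];
    preg_match('/\\s*session_id:(.*)\\n/', $this->getSession()
        ->getPage()
        ->getContent(), $matches);
    // !empty() also covers the no-match case, where $matches[1] is not set.
    $this->assertTrue(!empty($matches[1]), 'Found session ID before logging in.');
    $original_session = $matches[1];
    // We cannot use $this->drupalLogin($user); because we exit in
    // session_test_user_login() which breaks a normal assertion.
    $edit = [
        'name' => $user->getAccountName(),
        'pass' => $user->passRaw,
    ];
    $this->drupalPostForm('user/login', $edit, t('Log in'));
    $this->drupalGet('user');
    $pass = $this->assertText($user->getAccountName(), new FormattableMarkup('Found name: %name', [
        '%name' => $user->getAccountName(),
    ]), 'User login');
    $this->_logged_in = $pass;
    // Read the session ID again now that the user is authenticated.
    $this->drupalGet('session-test/id');
    $matches = [];
    preg_match('/\\s*session_id:(.*)\\n/', $this->getSession()
        ->getPage()
        ->getContent(), $matches);
    $this->assertTrue(!empty($matches[1]), 'Found session ID after logging in.');
    // The ID must change at login, so that an ID known before authentication
    // cannot be reused for the authenticated session. Compare strictly: with
    // != two different IDs that both look numeric (constructed example: "0e1"
    // and "0e2") are compared as numbers and treated as equal.
    $this->assertNotSame($original_session, $matches[1], 'Session ID changed after login.');
}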
