assertSessionCookie example

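// Excerpt from a browser-based session test. The enclosing test method and the
// helpers it calls (drupalCreateUser(), sessionReset(), assertSessionCookie())
// are defined outside this snippet, and the snippet ends before the login step.

// Test session hardening code from SA-2008-044.
$user = $this->drupalCreateUser();

// Enable sessions.
$this->sessionReset();

// Make sure the session cookie is set as HttpOnly. We can only test this in
// the header: with the test setup,
// \GuzzleHttp\Cookie\SetCookie::getHttpOnly() always returns FALSE.
// Start a new session by setting a message.
$this->drupalGet('session-test/set-message');
// Presumably asserts that the response carried a session cookie; the helper is
// not shown here, so confirm against its definition.
$this->assertSessionCookie(TRUE);
// Verify that the session cookie is set as HttpOnly, which keeps the session
// token out of reach of client-side script.
// NOTE(review): the pattern matches "HttpOnly" anywhere in the Set-Cookie
// value, so it does not tie the attribute to the session cookie by name. Only
// HttpOnly is covered; Secure and SameSite are not asserted in this excerpt.
$this->assertSession()->responseHeaderMatches('Set-Cookie', '/HttpOnly/i');

// Verify that the session is regenerated if a module calls exit
// in hook_user_login().
$user->name = 'session_test_user';
$user->save();
$this->drupalGet('session-test/id');
// Capture the pre-login session ID from the page body. This is the baseline
// for a regeneration check (the ID should differ once the user has logged in);
// the login and the comparison are outside this excerpt.
$matches = [];
preg_match('/\s*session_id:(.*)\n/', $this->getSession()->getPage()->getContent(), $matches);
// Fall back to an empty string when the pattern did not match, so a missing ID
// fails with the assertion message instead of an undefined-offset warning.
$this->assertNotEmpty($matches[1] ?? '', 'Found session ID before logging in.');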
    