getSameSite example

$str .= '; domain='.$this->getDomain();
        }

        if (true === $this->isSecure()) {
            $str .= '; secure';
        }

        if (true === $this->isHttpOnly()) {
            $str .= '; httponly';
        }

        if (null !== $this->getSameSite()) {
            $str .= '; samesite='.$this->getSameSite();
        }

        return $str;
    }

    /** * Gets the name of the cookie. */
    public function getName(): string
    {
        
$this->assertEquals('test', $cookies[1]->getName());
        $this->assertNull($cookies[1]->getValue());

        $this->assertEquals('ABC', $cookies[2]->getName());
        $this->assertEquals('AeD', $cookies[2]->getValue());
        $this->assertEquals(strtotime('Wed, 13 Jan 2021 22:23:01 GMT')$cookies[2]->getExpiresTime());
        $this->assertEquals('dunglas.fr', $cookies[2]->getDomain());
        $this->assertEquals('/kevin', $cookies[2]->getPath());
        $this->assertTrue($cookies[2]->isSecure());
        $this->assertTrue($cookies[2]->isHttpOnly());
        if (\defined('Symfony\Component\HttpFoundation\Cookie::SAMESITE_STRICT')) {
            $this->assertEquals(Cookie::SAMESITE_STRICT, $cookies[2]->getSameSite());
        }

        $this->assertEquals('The response body', $symfonyResponse->getContent());
        $this->assertEquals(200, $symfonyResponse->getStatusCode());

        $symfonyResponse = $this->factory->createResponse($response, true);

        ob_start();
        $symfonyResponse->sendContent();
        $sentContent = ob_get_clean();

        
$this->assertCount(0, $cookies);

        $listener->onLogout($event);

        $cookies = $response->headers->getCookies(ResponseHeaderBag::COOKIES_ARRAY);
        $this->assertCount(2, $cookies);

        $cookie = $cookies['foo.foo']['/foo']['foo'];
        $this->assertEquals('foo', $cookie->getName());
        $this->assertEquals('/foo', $cookie->getPath());
        $this->assertEquals('foo.foo', $cookie->getDomain());
        $this->assertEquals(Cookie::SAMESITE_STRICT, $cookie->getSameSite());
        $this->assertTrue($cookie->isSecure());
        $this->assertTrue($cookie->isCleared());

        $cookie = $cookies['']['/']['foo2'];
        $this->assertStringStartsWith('foo2', $cookie->getName());
        $this->assertEquals('/', $cookie->getPath());
        $this->assertNull($cookie->getDomain());
        $this->assertNull($cookie->getSameSite());
        $this->assertFalse($cookie->isSecure());
        $this->assertTrue($cookie->isCleared());
    }
}


    /** * Configuration. * * Handle input binds and configuration defaults. */
    protected function configure()
    {
        ini_set('session.name', $this->config->cookieName);

        $sameSite = $this->cookie->getSameSite() ?: ucfirst(Cookie::SAMESITE_LAX);

        $params = [
            'lifetime' => $this->config->expiration,
            'path'     => $this->cookie->getPath(),
            'domain'   => $this->cookie->getDomain(),
            'secure'   => $this->cookie->isSecure(),
            'httponly' => true, // HTTP only; Yes, this is intentional and not configurable for security reasons.             'samesite' => $sameSite,
        ];

        ini_set('session.cookie_samesite', $sameSite);
        
$cookieHeader[] = 'Domain=' . $this->getDomain();
        }

        if ($this->isSecure()) {
            $cookieHeader[] = 'Secure';
        }

        if ($this->isHTTPOnly()) {
            $cookieHeader[] = 'HttpOnly';
        }

        $samesite = $this->getSameSite();

        if ($samesite === '') {
            // modern browsers warn in console logs that an empty SameSite attribute             // will be given the `Lax` value             $samesite = self::SAMESITE_LAX;
        }

        $cookieHeader[] = 'SameSite=' . ucfirst(strtolower($samesite));

        return implode('; ', $cookieHeader);
    }

    
$response = $this->createResponse();
        $response->setStatusCode(302);
        $response->headers->set('Location', '/somewhere-else');

        $c->collect($request = $this->createRequest()$response);
        $c->lateCollect();

        $cookie = $this->getCookieByName($response, 'sf_redirect');

        $this->assertNotEmpty($cookie->getValue());
        $this->assertSame('lax', $cookie->getSameSite());
        $this->assertFalse($cookie->isSecure());
    }

    public function testItCollectsTheRedirectionAndClearTheCookie()
    {
        $c = new RequestDataCollector();

        $request = $this->createRequest();
        $request->attributes->set('_redirected', true);
        $request->cookies->add([
            'sf_redirect' => '{"method": "POST"}',
        ]);
$client = $this->createClient(['test_case' => 'RememberMe', 'root_config' => 'stateless_config.yml']);

        $client->request('POST', '/login', [
            '_username' => 'johannes',
            '_password' => 'test',
        ]);

        $cookieJar = $client->getCookieJar();
        $cookieJar->expire(session_name());

        $this->assertNotNull($cookieJar->get('REMEMBERME'));
        $this->assertSame('lax', $cookieJar->get('REMEMBERME')->getSameSite());

        $client->request('GET', '/logout');
        $this->assertSame(302, $client->getResponse()->getStatusCode(), 'Logout unsuccessful.');
        $this->assertNull($cookieJar->get('REMEMBERME'));
    }

    public static function provideConfigs()
    {
        yield [['root_config' => 'config_session.yml']];
        yield [['root_config' => 'config_persistent.yml']];
    }
}

        $cookie = Cookie::fromString('foo=bar; expires=Fri, 20 May 2011 15:25:52 GMT; path=/; domain=.myfoodomain.com; secure; httponly');
        $this->assertTrue($cookie->isHttpOnly());

        $cookie = Cookie::fromString('foo=bar; expires=Fri, 20 May 2011 15:25:52 GMT; path=/; domain=.myfoodomain.com; secure');
        $this->assertFalse($cookie->isHttpOnly());
    }

    public function testSameSiteAttribute()
    {
        $cookie = new Cookie('foo', 'bar', 0, '/', null, false, true, false, 'Lax');
        $this->assertEquals('lax', $cookie->getSameSite());

        $cookie = new Cookie('foo', 'bar', 0, '/', null, false, true, false, '');
        $this->assertNull($cookie->getSameSite());

        $cookie = Cookie::create('foo')->withSameSite('Lax');
        $this->assertEquals('lax', $cookie->getSameSite());
    }

    public function testSetSecureDefault()
    {
        $cookie = Cookie::create('foo', 'bar');

        
$str .= '; domain='.$this->getDomain();
        }

        if (true === $this->isSecure()) {
            $str .= '; secure';
        }

        if (true === $this->isHttpOnly()) {
            $str .= '; httponly';
        }

        if (null !== $this->getSameSite()) {
            $str .= '; samesite='.$this->getSameSite();
        }

        return $str;
    }

    /** * Gets the name of the cookie. */
    public function getName(): string
    {
        
public function testConstructException()
    {
        $this->expectException(UnexpectedValueException::class);
        $this->expectExceptionMessage('The cookie expiration time "string" is not valid.');
        new Cookie('foo', 'bar', 'string');
    }

    public function testSameSite()
    {
        $cookie = new Cookie('foo', 'bar');
        $this->assertNull($cookie->getSameSite());

        $cookie = new Cookie('foo', 'bar', 0, '/', 'foo.com', false, true, false, 'lax');
        $this->assertSame('lax', $cookie->getSameSite());
    }
}
$cookies = $response->headers->getCookies();

        if ($sessionOptions['use_cookies'] ?? true) {
            $this->assertCount(1, $cookies);
            $this->assertSame('PHPSESSID', $cookies[0]->getName());
            $this->assertSame('123456', $cookies[0]->getValue());
            $this->assertSame($expectedSessionOptions['cookie_path']$cookies[0]->getPath());
            $this->assertSame($expectedSessionOptions['cookie_domain']$cookies[0]->getDomain());
            $this->assertSame($expectedSessionOptions['cookie_secure']$cookies[0]->isSecure());
            $this->assertSame($expectedSessionOptions['cookie_httponly']$cookies[0]->isHttpOnly());
            $this->assertSame($expectedSessionOptions['cookie_samesite']$cookies[0]->getSameSite());
        } else {
            $this->assertCount(0, $cookies);
        }
    }

    public static function provideSessionOptions(): \Generator
    {
        yield 'set_samesite_by_php' => [
            'phpSessionOptions' => ['samesite' => Cookie::SAMESITE_STRICT],
            'sessionOptions' => ['cookie_path' => '/test/', 'cookie_domain' => '', 'cookie_secure' => true, 'cookie_httponly' => true],
            'expectedSessionOptions' => ['cookie_path' => '/test/', 'cookie_domain' => '', 'cookie_secure' => true, 'cookie_httponly' => true, 'cookie_samesite' => Cookie::SAMESITE_STRICT],
        ];
Home | Imprint | This part of the site doesn't use cookies.