// Check secure cookie is set.
$this->assertTrue((bool)$this->getSession()->getCookie($this->secureSessionName)); // Check insecure cookie is not set.
$this->assertFalse((bool)$this->getSession()->getCookie($this->insecureSessionName)); $this->assertSessionIds($this->getSession()->getCookie($this->secureSessionName), 'Session has a non-empty SID and a correct secure SID.'); $this->assertSessionIds($first_secure_session, 'The first secure session still exists.');
// Verify that empty SID cannot be used on the non-secure site.
$browser_kit_cookie_jar->set(Cookie::fromString($this->insecureSessionName . '=', $this->baseUrl)); $this->drupalGet($this->httpUrl('admin/config'));