public function ApdqcSessionTestCase::testEmptySessionId in Asynchronous Prefetch Database Query Cache 7

Test that empty session IDs are not allowed.

File

./apdqc.test, line 640
Tests for the Asynchronous Prefetch Database Query Cache module.

Class

ApdqcSessionTestCase
Tests for the session system.

Code

public function testEmptySessionId() {
  $GLOBALS['conf']['page_cache_invoke_hooks'] = TRUE;
  $user = $this->drupalCreateUser(array('access content'));
  $this->drupalLogin($user);
  $this->drupalGet('session-test/is-logged-in');
  $this->assertResponse(200, 'User is logged in.');

  // Reset the sid in {sessions} to a blank string. This may exist in the
  // wild in some cases, although we normally prevent it from happening.
  db_update('sessions')
    ->fields(array('sid' => ''))
    ->condition('uid', $user->uid)
    ->execute();

  // Send a blank sid in the session cookie, and the session should no longer
  // be valid. Closing the curl handler will stop the previous session ID
  // from persisting.
  $this->curlClose();
  $this->additionalCurlOptions[CURLOPT_COOKIE] = rawurlencode($this->session_name) . '=;';
  $this->drupalGet('session-test/id-from-cookie');
  $this->assertRaw("session_id:\n", 'Session ID is blank as sent from cookie header.');

  // Assert that we have an anonymous session now.
  $this->drupalGet('session-test/is-logged-in');
  $this->assertResponse(403, 'An empty session ID is not allowed.');
}
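
The failure mode this test guards against, as an added example that is not code from the APDQC module or Drupal core: when a {sessions} row has a blank sid, a lookup that trusts the cookie value resolves an empty cookie to that row's user, while a lookup that rejects empty IDs falls back to anonymous (uid 0). The function names, the two-column table and the in-memory SQLite database (via PDO) are assumptions made for the illustration.

```php
<?php
// Added illustration. Table layout, function names and sample rows are
// assumptions for this example, not the module's session handler.

// Constructed sample data: one normal session, and one row whose sid has
// been blanked, as the test does with db_update('sessions').
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE sessions (sid TEXT NOT NULL, uid INTEGER NOT NULL)');
$db->exec("INSERT INTO sessions (sid, uid) VALUES ('constructed-sid-for-uid-2', 2), ('', 3)");

/**
 * Naive lookup: queries with whatever the cookie carried, including ''.
 * Returns the matching uid, or 0 (anonymous) when no row matches.
 */
function session_uid_naive(PDO $db, $cookie_sid) {
  $stmt = $db->prepare('SELECT uid FROM sessions WHERE sid = :sid');
  $stmt->execute(array(':sid' => (string) $cookie_sid));
  $uid = $stmt->fetchColumn();
  return $uid === FALSE ? 0 : (int) $uid;
}

/**
 * Guarded lookup: an empty or non-string session ID is treated as
 * anonymous before the database is consulted at all.
 */
function session_uid_guarded(PDO $db, $cookie_sid) {
  if (!is_string($cookie_sid) || $cookie_sid === '') {
    return 0;
  }
  return session_uid_naive($db, $cookie_sid);
}

// A cookie header of the form "<session_name>=;" yields an empty value.
$blank_cookie_sid = '';

// The naive lookup matches the blanked row; the guarded one does not.
var_dump(session_uid_naive($db, $blank_cookie_sid));
var_dump(session_uid_guarded($db, $blank_cookie_sid));

// A non-empty sid still resolves through the guarded path.
var_dump(session_uid_guarded($db, 'constructed-sid-for-uid-2'));
```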