You are here

function SessionTestCase::testSameSiteCookieAttributeDisabledViaConf in Drupal 7

Test disabling the samesite attribute on session cookies via $conf

File

modules/simpletest/tests/session.test, line 329
Provides SimpleTests for core session handling functionality.

Class

SessionTestCase
@file Provides SimpleTests for core session handling functionality.

Code

function testSameSiteCookieAttributeDisabledViaConf() {
  $user = $this
    ->drupalCreateUser(array(
    'access content',
  ));
  $this
    ->sessionReset($user->uid);
  variable_set('samesite_cookie_value', FALSE);
  if (\PHP_VERSION_ID < 70300) {

    // There is no session.cookie_samesite in earlier PHP versions.
    $this
      ->drupalLogin($user);
  }
  else {

    // Send our own login POST so that we can pass a custom header to trigger
    // session_test.module to call ini_set('session.cookie_samesite', $value)
    $headers[] = 'X-Session-Cookie-Ini-Set: Lax';
    $edit = array(
      'name' => $user->name,
      'pass' => $user->pass_raw,
    );
    $this
      ->drupalPost('user', $edit, t('Log in'), array(), $headers);
  }
  $this
    ->assertFalse(preg_match('/SameSite=/i', $this
    ->drupalGetHeader('Set-Cookie', TRUE)), 'Session cookie has no SameSite attribute (conf).');
}