You are here

Home » API reference » Drupal 7 » session.test » SessionTestCase

function SessionTestCase::testSameSiteCookieAttributeNoneSecure in Drupal 7

Test SameSite attribute = None by default on Secure session cookies.

File

modules/simpletest/tests/session.test, line 274
Provides SimpleTests for core session handling functionality.

Class

SessionTestCase
@file Provides SimpleTests for core session handling functionality.

Code

function testSameSiteCookieAttributeNoneSecure() {
  $user = $this
    ->drupalCreateUser(array(
    'access content',
  ));
  $this
    ->sessionReset($user->uid);
  $headers = array();
  if (\PHP_VERSION_ID >= 70300) {

    // Send our own login POST so that we can pass a custom header to trigger
    // session_test.module to call ini_set('session.cookie_samesite', $value)
    $headers[] = 'X-Session-Cookie-Ini-Set: None';
  }

  // Test HTTPS session handling by altering the form action to submit the
  // login form through https.php, which creates a mock HTTPS request.
  $this
    ->drupalGet('user');
  $form = $this
    ->xpath('//form[@id="user-login"]');
  $form[0]['action'] = $this
    ->httpsUrl('user');
  $edit = array(
    'name' => $user->name,
    'pass' => $user->pass_raw,
  );
  $this
    ->drupalPost(NULL, $edit, t('Log in'), array(), $headers);
  $this
    ->assertTrue(preg_match('/SameSite=None/i', $this
    ->drupalGetHeader('Set-Cookie', TRUE)), 'Session cookie is set as SameSite=None.');
}