function SessionTestCase::testSameSiteCookieAttributeNoneSecure in Drupal 7
Test SameSite attribute = None by default on Secure session cookies.
File
- modules/
simpletest/ tests/ session.test, line 274 - Provides SimpleTests for core session handling functionality.
Class
- SessionTestCase
- @file Provides SimpleTests for core session handling functionality.
Code
function testSameSiteCookieAttributeNoneSecure() {
$user = $this
->drupalCreateUser(array(
'access content',
));
$this
->sessionReset($user->uid);
$headers = array();
if (\PHP_VERSION_ID >= 70300) {
// Send our own login POST so that we can pass a custom header to trigger
// session_test.module to call ini_set('session.cookie_samesite', $value)
$headers[] = 'X-Session-Cookie-Ini-Set: None';
}
// Test HTTPS session handling by altering the form action to submit the
// login form through https.php, which creates a mock HTTPS request.
$this
->drupalGet('user');
$form = $this
->xpath('//form[@id="user-login"]');
$form[0]['action'] = $this
->httpsUrl('user');
$edit = array(
'name' => $user->name,
'pass' => $user->pass_raw,
);
$this
->drupalPost(NULL, $edit, t('Log in'), array(), $headers);
$this
->assertTrue(preg_match('/SameSite=None/i', $this
->drupalGetHeader('Set-Cookie', TRUE)), 'Session cookie is set as SameSite=None.');
}