function SessionTestCase::testSessionSaveRegenerate in SimpleTest 7
Tests for drupal_save_session() and drupal_session_regenerate().
File
- tests/
session.test, line 24 - Provides SimpleTests for core session handling functionality.
Class
- SessionTestCase
- @file Provides SimpleTests for core session handling functionality.
Code
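/**
 * Tests for drupal_save_session() and drupal_session_regenerate().
 *
 * Covers three things in order:
 * - the toggle semantics of drupal_save_session();
 * - that a Set-Cookie header sent during login carries the HttpOnly
 *   attribute (session hardening from SA-2008-044);
 * - that the session ID seen by the browser changes across login, even when
 *   a module exits inside hook_user_login().
 *
 * The last check is the session fixation regression test: if the ID that
 * existed before authentication stayed valid afterwards, anyone who knew
 * that pre-login ID would share the authenticated session.
 */
function testSessionSaveRegenerate() {
  $group = t('Session');

  // drupal_save_session() with no argument reports the current state; with an
  // argument it sets the state and returns it.
  $this->assertFalse(drupal_save_session(), t('drupal_save_session() correctly returns FALSE (inside of testing framework) when initially called with no arguments.'), $group);
  $this->assertFalse(drupal_save_session(FALSE), t('drupal_save_session() correctly returns FALSE when called with FALSE.'), $group);
  $this->assertFalse(drupal_save_session(), t('drupal_save_session() correctly returns FALSE when saving has been disabled.'), $group);
  $this->assertTrue(drupal_save_session(TRUE), t('drupal_save_session() correctly returns TRUE when called with TRUE.'), $group);
  $this->assertTrue(drupal_save_session(), t('drupal_save_session() correctly returns TRUE when saving has been enabled.'), $group);

  // Test session hardening code from SA-2008-044.
  $user = $this->drupalCreateUser(array('access content'));

  // Enable sessions.
  $this->sessionReset($user->uid);

  // Make sure the session cookie is set as HttpOnly, so that page scripts
  // cannot read it.
  // NOTE(review): the pattern only looks for "HttpOnly" somewhere in the
  // returned Set-Cookie header; it does not check the cookie name, and the
  // Secure attribute is not covered by this test.
  $this->drupalLogin($user);
  $set_cookie = $this->drupalGetHeader('Set-Cookie', TRUE);
  $this->assertTrue(preg_match('/HttpOnly/i', $set_cookie), t('Session cookie is set as HttpOnly.'));
  $this->drupalLogout();

  // Verify that the session is regenerated if a module calls exit
  // in hook_user_login().
  user_save($user, array('name' => 'session_test_user'));
  $user->name = 'session_test_user';

  // Capture the anonymous (pre-login) session ID printed by the test page.
  $this->drupalGet('session-test/id');
  $matches = array();
  preg_match('/\\s*session_id:(.*)\\n/', $this->drupalGetContent(), $matches);
  $this->assertTrue(!empty($matches[1]), t('Found session ID before logging in.'));
  // Fall back to an empty string instead of reading an undefined index, so a
  // failed capture cannot make the final comparison pass by accident.
  $original_session = isset($matches[1]) ? $matches[1] : '';

  // We cannot use $this->drupalLogin($user); because we exit in
  // session_test_user_login() which breaks a normal assertion.
  $edit = array(
    'name' => $user->name,
    'pass' => $user->pass_raw,
  );
  $this->drupalPost('user', $edit, t('Log in'));
  $this->drupalGet('user');
  $pass = $this->assertText($user->name, t('Found name: %name', array('%name' => $user->name)), t('User login'));
  // drupalLogin() was bypassed, so the login result is recorded by hand.
  $this->_logged_in = $pass;

  // Capture the post-login session ID from the same test page.
  $this->drupalGet('session-test/id');
  $matches = array();
  preg_match('/\\s*session_id:(.*)\\n/', $this->drupalGetContent(), $matches);
  $this->assertTrue(!empty($matches[1]), t('Found session ID after logging in.'));
  $new_session = isset($matches[1]) ? $matches[1] : '';

  // Compare with !== so that two different IDs which both look numeric are
  // never treated as equal by PHP's loose string comparison, and require both
  // IDs to have been captured before claiming that the ID changed.
  $session_changed = $original_session !== '' && $new_session !== '' && $new_session !== $original_session;
  $this->assertTrue($session_changed, t('Session ID changed after login.'));
}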