You are here

function SessionTestCase::testSessionSaveRegenerate in SimpleTest 7

Tests for drupal_save_session() and drupal_session_regenerate().

File

tests/session.test, line 24
Provides SimpleTests for core session handling functionality.

Class

SessionTestCase
@file Provides SimpleTests for core session handling functionality.

Code

function testSessionSaveRegenerate() {
  $this
    ->assertFalse(drupal_save_session(), t('drupal_save_session() correctly returns FALSE (inside of testing framework) when initially called with no arguments.'), t('Session'));
  $this
    ->assertFalse(drupal_save_session(FALSE), t('drupal_save_session() correctly returns FALSE when called with FALSE.'), t('Session'));
  $this
    ->assertFalse(drupal_save_session(), t('drupal_save_session() correctly returns FALSE when saving has been disabled.'), t('Session'));
  $this
    ->assertTrue(drupal_save_session(TRUE), t('drupal_save_session() correctly returns TRUE when called with TRUE.'), t('Session'));
  $this
    ->assertTrue(drupal_save_session(), t('drupal_save_session() correctly returns TRUE when saving has been enabled.'), t('Session'));

  // Test session hardening code from SA-2008-044.
  $user = $this
    ->drupalCreateUser(array(
    'access content',
  ));

  // Enable sessions.
  $this
    ->sessionReset($user->uid);

  // Make sure the session cookie is set as HttpOnly.
  $this
    ->drupalLogin($user);
  $this
    ->assertTrue(preg_match('/HttpOnly/i', $this
    ->drupalGetHeader('Set-Cookie', TRUE)), t('Session cookie is set as HttpOnly.'));
  $this
    ->drupalLogout();

  // Verify that the session is regenerated if a module calls exit
  // in hook_user_login().
  user_save($user, array(
    'name' => 'session_test_user',
  ));
  $user->name = 'session_test_user';
  $this
    ->drupalGet('session-test/id');
  $matches = array();
  preg_match('/\\s*session_id:(.*)\\n/', $this
    ->drupalGetContent(), $matches);
  $this
    ->assertTrue(!empty($matches[1]), t('Found session ID before logging in.'));
  $original_session = $matches[1];

  // We cannot use $this->drupalLogin($user); because we exit in
  // session_test_user_login() which breaks a normal assertion.
  $edit = array(
    'name' => $user->name,
    'pass' => $user->pass_raw,
  );
  $this
    ->drupalPost('user', $edit, t('Log in'));
  $this
    ->drupalGet('user');
  $pass = $this
    ->assertText($user->name, t('Found name: %name', array(
    '%name' => $user->name,
  )), t('User login'));
  $this->_logged_in = $pass;
  $this
    ->drupalGet('session-test/id');
  $matches = array();
  preg_match('/\\s*session_id:(.*)\\n/', $this
    ->drupalGetContent(), $matches);
  $this
    ->assertTrue(!empty($matches[1]), t('Found session ID after logging in.'));
  $this
    ->assertTrue($matches[1] != $original_session, t('Session ID changed after login.'));
}