public function SessionHttpsTest::testHttpsSession in Zircon Profile 8
Same name and namespace in other branches
- 8.0 core/modules/system/src/Tests/Session/SessionHttpsTest.php \Drupal\system\Tests\Session\SessionHttpsTest::testHttpsSession()
File
- core/modules/system/src/Tests/Session/SessionHttpsTest.php, line 57
- Contains \Drupal\system\Tests\Session\SessionHttpsTest.
Class
- SessionHttpsTest
- Ensure that when running under HTTPS two session cookies are generated.
Namespace
Drupal\system\Tests\Session
Code
/**
 * Checks that HTTPS and HTTP logins each use only their own session cookie.
 *
 * The scenario logs in over the mock HTTPS front controller, verifies the
 * secure cookie attributes and access to an admin page, then repeats the
 * login over mock HTTP. After each login it also replays a cookie with an
 * empty value against the other scheme and expects the request to be denied.
 */
public function testHttpsSession() {
  $admin_path = 'admin/config';
  $account = $this->drupalCreateUser(['access administration pages']);

  // Log in through https.php: the login form action is altered so that the
  // submission is handled as a mock HTTPS request.
  $this->loginHttps($account);

  // Drop the connection and the cookie jar, then log in again so that a second
  // concurrent session exists for the same account.
  $this->curlClose();
  $this->curlCookies = [];
  $this->loginHttps($account);

  // The cookie issued on the secure page must carry the "secure" attribute.
  $this->assertTrue($this->cookies[$this->secureSessionName]['secure'], 'The secure cookie has the secure attribute');
  // An HTTPS login must not hand out the insecure session cookie as well.
  $this->assertFalse(isset($this->cookies[$this->insecureSessionName]));
  $secure_sid = $this->cookies[$this->secureSessionName]['value'];
  $this->assertSessionIds($secure_sid, 'Session has a non-empty SID and a correct secure SID.');

  // Over HTTPS the account is authenticated and can reach the admin page.
  $this->drupalGet($this->httpsUrl($admin_path));
  $this->assertText(t('Configuration'));
  $this->assertResponse(200);

  // Over plain HTTP the same browser must be treated as anonymous.
  $this->drupalGet($this->httpUrl($admin_path));
  $this->assertNoText(t('Configuration'));
  $this->assertResponse(403);

  // An insecure session cookie with an empty value must not authenticate a
  // request to the non-secure site.
  $this->curlClose();
  $this->curlCookies = [$this->insecureSessionName . '='];
  $this->drupalGet($this->httpUrl($admin_path));
  $this->assertResponse(403);

  // Log in through http.php: the login form action is altered so that the
  // submission is handled as a mock HTTP request, even when the test
  // environment itself runs on HTTPS.
  $this->curlClose();
  $this->curlCookies = [];
  $this->loginHttp($account);
  $this->drupalGet($this->httpUrl($admin_path));
  $this->assertResponse(200);
  $insecure_sid = $this->cookies[$this->insecureSessionName]['value'];
  // NOTE(review): this call passes three arguments, the earlier call passes
  // two. The helper's signature is not visible here; confirm that the message
  // ends up in the intended parameter and is not silently dropped.
  $this->assertSessionIds($insecure_sid, '', 'Session has the correct SID and an empty secure SID.');

  // A secure session cookie with an empty value must not authenticate a
  // request to the secure site.
  $this->curlClose();
  $this->curlCookies = [$this->secureSessionName . '='];
  $this->drupalGet($this->httpsUrl($admin_path));
  $this->assertResponse(403);

  // Leave an empty browser cookie jar behind.
  $this->cookies = [];
}