1 session.test | SessionTestCase::testSessionSaveRegenerate() |
Tests for backdrop_save_session() and backdrop_session_regenerate().
File
- core/
modules/ simpletest/ tests/ session.test, line 18 - Provides SimpleTests for core session handling functionality.
Class
Code
function testSessionSaveRegenerate() {
$this->assertFalse(backdrop_save_session(), 'backdrop_save_session() correctly returns FALSE (inside of testing framework) when initially called with no arguments.', 'Session');
$this->assertFalse(backdrop_save_session(FALSE), 'backdrop_save_session() correctly returns FALSE when called with FALSE.', 'Session');
$this->assertFalse(backdrop_save_session(), 'backdrop_save_session() correctly returns FALSE when saving has been disabled.', 'Session');
$this->assertTrue(backdrop_save_session(TRUE), 'backdrop_save_session() correctly returns TRUE when called with TRUE.', 'Session');
$this->assertTrue(backdrop_save_session(), 'backdrop_save_session() correctly returns TRUE when saving has been enabled.', 'Session');
// Test session hardening code from SA-2008-044.
$user = $this->backdropCreateUser(array('access content'));
// Enable sessions.
$this->sessionReset($user->uid);
// Make sure the session cookie is set as HttpOnly.
$this->backdropLogin($user);
$this->assertTrue(preg_match('/HttpOnly/i', $this->backdropGetHeader('Set-Cookie', TRUE)), 'Session cookie is set as HttpOnly.');
$this->backdropLogout();
// Verify that the session is regenerated if a module calls exit
// in hook_user_login().
$user->name = 'session_test_user';
$user->save();
$this->backdropGet('session-test/id');
$matches = array();
preg_match('/\s*session_id:(.*)\n/', $this->backdropGetContent(), $matches);
$this->assertTrue(!empty($matches[1]), 'Found session ID before logging in.');
$original_session = $matches[1];
// We cannot use $this->backdropLogin($user); because we exit in
// session_test_user_login() which breaks a normal assertion.
$edit = array(
'name' => $user->name,
'pass' => $user->pass_raw
);
$this->backdropPost('user/login', $edit, t('Log in'));
$this->backdropGet('user');
$pass = $this->assertText($user->name, format_string('Found name: %name', array('%name' => $user->name)), 'User login');
$this->backdropGet('session-test/id');
$matches = array();
preg_match('/\s*session_id:(.*)\n/', $this->backdropGetContent(), $matches);
$this->assertTrue(!empty($matches[1]), 'Found session ID after logging in.');
$this->assertTrue($matches[1] != $original_session, 'Session ID changed after login.');
}