function SessionTestCase::testSameSiteCookieAttributeDisabledViaConf
Test disabling the samesite attribute on session cookies via $conf
File
-
modules/
simpletest/ tests/ session.test, line 393
Class
- SessionTestCase
- @file Provides SimpleTests for core session handling functionality.
Code
function testSameSiteCookieAttributeDisabledViaConf() {
$user = $this->drupalCreateUser(array(
'access content',
));
$this->sessionReset($user->uid);
variable_set('samesite_cookie_value', FALSE);
if (\PHP_VERSION_ID < 70300) {
// There is no session.cookie_samesite in earlier PHP versions.
$this->drupalLogin($user);
}
else {
// Send our own login POST so that we can pass a custom header to trigger
// session_test.module to call ini_set('session.cookie_samesite', $value)
$headers[] = 'X-Session-Cookie-Ini-Set: Lax';
$edit = array(
'name' => $user->name,
'pass' => $user->pass_raw,
);
$this->drupalPost('user', $edit, t('Log in'), array(), $headers);
}
$this->assertFalse(preg_match('/SameSite=/i', $this->drupalGetHeader('Set-Cookie', TRUE)), 'Session cookie has no SameSite attribute (conf).');
}Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.