function SessionTestCase::testSessionSaveRegenerate

Tests for drupal_save_session() and drupal_session_regenerate().

File

modules/simpletest/tests/session.test, line 26

Class

SessionTestCase
@file Provides SimpleTests for core session handling functionality.

Code

function testSessionSaveRegenerate() {
    $this->assertFalse(drupal_save_session(), 'drupal_save_session() correctly returns FALSE (inside of testing framework) when initially called with no arguments.', 'Session');
    $this->assertFalse(drupal_save_session(FALSE), 'drupal_save_session() correctly returns FALSE when called with FALSE.', 'Session');
    $this->assertFalse(drupal_save_session(), 'drupal_save_session() correctly returns FALSE when saving has been disabled.', 'Session');
    $this->assertTrue(drupal_save_session(TRUE), 'drupal_save_session() correctly returns TRUE when called with TRUE.', 'Session');
    $this->assertTrue(drupal_save_session(), 'drupal_save_session() correctly returns TRUE when saving has been enabled.', 'Session');
    // Test session hardening code from SA-2008-044.
    $user = $this->drupalCreateUser(array(
        'access content',
    ));
    // Enable sessions.
    $this->sessionReset($user->uid);
    // Make sure the session cookie is set as HttpOnly.
    $this->drupalLogin($user);
    $this->assertTrue(preg_match('/HttpOnly/i', $this->drupalGetHeader('Set-Cookie', TRUE)), 'Session cookie is set as HttpOnly.');
    $this->drupalLogout();
    // Verify that the session is regenerated if a module calls exit
    // in hook_user_login().
    user_save($user, array(
        'name' => 'session_test_user',
    ));
    $user->name = 'session_test_user';
    $this->drupalGet('session-test/id');
    $matches = array();
    preg_match('/\\s*session_id:(.*)\\n/', $this->drupalGetContent(), $matches);
    $this->assertTrue(!empty($matches[1]), 'Found session ID before logging in.');
    $original_session = $matches[1];
    // We cannot use $this->drupalLogin($user); because we exit in
    // session_test_user_login() which breaks a normal assertion.
    $edit = array(
        'name' => $user->name,
        'pass' => $user->pass_raw,
    );
    $this->drupalPost('user', $edit, t('Log in'));
    $this->drupalGet('user');
    $pass = $this->assertText($user->name, format_string('Found name: %name', array(
        '%name' => $user->name,
    )), 'User login');
    $this->_logged_in = $pass;
    $this->drupalGet('session-test/id');
    $matches = array();
    preg_match('/\\s*session_id:(.*)\\n/', $this->drupalGetContent(), $matches);
    $this->assertTrue(!empty($matches[1]), 'Found session ID after logging in.');
    $this->assertTrue($matches[1] != $original_session, 'Session ID changed after login.');
}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.