function SessionAuthenticationTest::testBasicAuthNoSession

Tests that a session is not started automatically by basic authentication.

File

core/modules/system/tests/src/Functional/Session/SessionAuthenticationTest.php, line 122

Class

SessionAuthenticationTest

Tests if sessions are correctly handled when a user authenticates.

Namespace

Code

public function testBasicAuthNoSession() : void {
    // A route that is authorized through basic_auth only, not cookie.
    $no_cookie_url = Url::fromRoute('session_test.get_session_basic_auth');
    // A route that is authorized with standard cookie authentication.
    $cookie_url = 'user/login';
    // If we authenticate with a third party authentication system then no
    // session cookie should be set, the third party system is responsible for
    // sustaining the session.
    $this->basicAuthGet($no_cookie_url, $this->user
        ->getAccountName(), $this->user->passRaw);
    $this->assertSession()
        ->statusCodeEquals(200);
    $this->assertEmpty($this->getSessionCookies());
    // Mink stores some information in the session that breaks the next check if
    // not reset.
    $this->getSession()
        ->restart();
    // On the other hand, authenticating using Cookie sets a cookie.
    $this->drupalGet($cookie_url);
    $this->assertEmpty($this->getSessionCookies());
    $edit = [
        'name' => $this->user
            ->getAccountName(),
        'pass' => $this->user->passRaw,
    ];
    $this->drupalGet($cookie_url);
    $this->submitForm($edit, 'Log in');
    $this->assertNotEmpty($this->getSessionCookies());
}