function SessionTest::testEmptySessionID
Same name in other branches
- 8.9.x core/modules/system/tests/src/Functional/Session/SessionTest.php \Drupal\Tests\system\Functional\Session\SessionTest::testEmptySessionID()
- 10 core/modules/system/tests/src/Functional/Session/SessionTest.php \Drupal\Tests\system\Functional\Session\SessionTest::testEmptySessionID()
- 11.x core/modules/system/tests/src/Functional/Session/SessionTest.php \Drupal\Tests\system\Functional\Session\SessionTest::testEmptySessionID()
Tests that empty session IDs are not allowed.
File
-
core/
modules/ system/ tests/ src/ Functional/ Session/ SessionTest.php, line 300
Class
- SessionTest
- Drupal session handling tests.
Namespace
Drupal\Tests\system\Functional\SessionCode
public function testEmptySessionID() {
$user = $this->drupalCreateUser([]);
$this->drupalLogin($user);
$this->drupalGet('session-test/is-logged-in');
$this->assertSession()
->statusCodeEquals(200);
// Reset the sid in {sessions} to a blank string. This may exist in the
// wild in some cases, although we normally prevent it from happening.
Database::getConnection()->update('sessions')
->fields([
'sid' => '',
])
->condition('uid', $user->id())
->execute();
// Send a blank sid in the session cookie, and the session should no longer
// be valid. Closing the curl handler will stop the previous session ID
// from persisting.
$this->mink
->resetSessions();
$this->drupalGet('session-test/id-from-cookie');
// Verify that session ID is blank as sent from cookie header.
$this->assertSession()
->responseContains("session_id:\n");
// Assert that we have an anonymous session now.
$this->drupalGet('session-test/is-logged-in');
$this->assertSession()
->statusCodeEquals(403);
}
Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.