function SessionTest::testEmptySessionID

Same name and namespace in other branches
  1. 8.9.x core/modules/system/tests/src/Functional/Session/SessionTest.php \Drupal\Tests\system\Functional\Session\SessionTest::testEmptySessionID()
  2. 10 core/modules/system/tests/src/Functional/Session/SessionTest.php \Drupal\Tests\system\Functional\Session\SessionTest::testEmptySessionID()
  3. 11.x core/modules/system/tests/src/Functional/Session/SessionTest.php \Drupal\Tests\system\Functional\Session\SessionTest::testEmptySessionID()

Tests that empty session IDs are not allowed.

File

core/modules/system/tests/src/Functional/Session/SessionTest.php, line 300

Class

SessionTest
Drupal session handling tests.

Namespace

Drupal\Tests\system\Functional\Session

Code

public function testEmptySessionID() {
    $user = $this->drupalCreateUser([]);
    $this->drupalLogin($user);
    $this->drupalGet('session-test/is-logged-in');
    $this->assertSession()
        ->statusCodeEquals(200);
    // Reset the sid in {sessions} to a blank string. This may exist in the
    // wild in some cases, although we normally prevent it from happening.
    Database::getConnection()->update('sessions')
        ->fields([
        'sid' => '',
    ])
        ->condition('uid', $user->id())
        ->execute();
    // Send a blank sid in the session cookie, and the session should no longer
    // be valid. Closing the curl handler will stop the previous session ID
    // from persisting.
    $this->mink
        ->resetSessions();
    $this->drupalGet('session-test/id-from-cookie');
    // Verify that session ID is blank as sent from cookie header.
    $this->assertSession()
        ->responseContains("session_id:\n");
    // Assert that we have an anonymous session now.
    $this->drupalGet('session-test/is-logged-in');
    $this->assertSession()
        ->statusCodeEquals(403);
}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.