function SessionTestCase::testEmptySessionID

Test that empty session IDs are not allowed.

File

modules/simpletest/tests/session.test, line 228

Class

SessionTestCase: @file Provides SimpleTests for core session handling functionality.

Code

function testEmptySessionID() {
    $user = $this->drupalCreateUser(array(
        'access content',
    ));
    $this->drupalLogin($user);
    $this->drupalGet('session-test/is-logged-in');
    $this->assertResponse(200, 'User is logged in.');
    // Reset the sid in {sessions} to a blank string. This may exist in the
    // wild in some cases, although we normally prevent it from happening.
    db_query("UPDATE {sessions} SET sid = '' WHERE uid = :uid", array(
        ':uid' => $user->uid,
    ));
    // Send a blank sid in the session cookie, and the session should no longer
    // be valid. Closing the curl handler will stop the previous session ID
    // from persisting.
    $this->curlClose();
    $this->additionalCurlOptions[CURLOPT_COOKIE] = rawurlencode($this->session_name) . '=;';
    $this->drupalGet('session-test/id-from-cookie');
    $this->assertRaw("session_id:\n", 'Session ID is blank as sent from cookie header.');
    // Assert that we have an anonymous session now.
    $this->drupalGet('session-test/is-logged-in');
    $this->assertResponse(403, 'An empty session ID is not allowed.');
}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.

function SessionTestCase::testEmptySessionID

File

Class

Code

Search drupal 7.x

API Navigation

Breadcrumb

function SessionTestCase::testEmptySessionID

File

Class

Code

Search drupal 7.x

API Navigation