function SessionTestCase::testNoSameSiteCookieAttributeDefault

Test absence of SameSite attribute on session cookies by default.

File

modules/simpletest/tests/session.test, line 314

Class

SessionTestCase
@file Provides SimpleTests for core session handling functionality.

Code

function testNoSameSiteCookieAttributeDefault() {
    $user = $this->drupalCreateUser(array(
        'access content',
    ));
    $this->sessionReset($user->uid);
    if (\PHP_VERSION_ID < 70300) {
        $this->drupalLogin($user);
    }
    else {
        // PHP often defaults to an empty value for session.cookie_samesite but
        // that may vary, so we set an explicit empty value.
        // Send our own login POST so that we can pass a custom header to trigger
        // session_test.module to call ini_set('session.cookie_samesite', $value)
        $headers[] = 'X-Session-Cookie-Ini-Set: *EMPTY*';
        $edit = array(
            'name' => $user->name,
            'pass' => $user->pass_raw,
        );
        $this->drupalPost('user', $edit, t('Log in'), array(), $headers);
    }
    $this->assertFalse(preg_match('/SameSite=/i', $this->drupalGetHeader('Set-Cookie', TRUE)), 'Session cookie has no SameSite attribute (default).');
}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.