function SessionTestCase::testSameSiteCookieAttributeNoneSecure

Tests that the SameSite attribute is None by default on Secure session cookies.

File

modules/simpletest/tests/session.test, line 338

Class

SessionTestCase
Provides SimpleTests for core session handling functionality.

Code

function testSameSiteCookieAttributeNoneSecure() {
    $user = $this->drupalCreateUser(array(
        'access content',
    ));
    $this->sessionReset($user->uid);
    $headers = array();
    if (\PHP_VERSION_ID >= 70300) {
        // Send our own login POST so that we can pass a custom header to trigger
        // session_test.module to call ini_set('session.cookie_samesite', $value)
        $headers[] = 'X-Session-Cookie-Ini-Set: None';
    }
    // Test HTTPS session handling by altering the form action to submit the
    // login form through https.php, which creates a mock HTTPS request.
    $this->drupalGet('user');
    $form = $this->xpath('//form[@id="user-login"]');
    $form[0]['action'] = $this->httpsUrl('user');
    $edit = array(
        'name' => $user->name,
        'pass' => $user->pass_raw,
    );
    $this->drupalPost(NULL, $edit, t('Log in'), array(), $headers);
    $this->assertTrue(preg_match('/SameSite=None/i', $this->drupalGetHeader('Set-Cookie', TRUE)), 'Session cookie is set as SameSite=None.');
}
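
The assertion above matches the string SameSite=None anywhere in the Set-Cookie header. The following added example (not part of Drupal core or of session.test) parses a single Set-Cookie value and checks that SameSite=None is present as an attribute together with Secure, which current browsers require before they accept SameSite=None. The function names and sample headers are hypothetical.

```php
<?php
// Added example, not Drupal code. Function names are hypothetical.

// Parse one Set-Cookie header value into name, value and attributes.
function example_parse_set_cookie($header) {
    $parts = array_map('trim', explode(';', $header));
    $pair = explode('=', array_shift($parts), 2);
    $cookie = array(
        'name' => $pair[0],
        'value' => isset($pair[1]) ? $pair[1] : '',
        'attributes' => array(),
    );
    foreach ($parts as $part) {
        if ($part === '') {
            continue;
        }
        $attr = explode('=', $part, 2);
        // Attribute names are case-insensitive; flags such as Secure have no value.
        $name = strtolower(trim($attr[0]));
        $cookie['attributes'][$name] = isset($attr[1]) ? trim($attr[1]) : TRUE;
    }
    return $cookie;
}

// TRUE only when SameSite=None is a real attribute and Secure is also set.
function example_is_samesite_none_secure($header) {
    $attrs = example_parse_set_cookie($header)['attributes'];
    return isset($attrs['samesite'])
        && is_string($attrs['samesite'])
        && strcasecmp($attrs['samesite'], 'None') === 0
        && isset($attrs['secure']);
}

// Constructed sample headers; cookie names and values are made up.
$samples = array(
    'SameSite=None with Secure' => 'SSESSexample=abc123; path=/; secure; HttpOnly; SameSite=None',
    'SameSite=None without Secure' => 'SSESSexample=abc123; path=/; HttpOnly; SameSite=None',
    'SameSite=None only inside the cookie value' => 'pref=SameSite=None; path=/; secure',
);
foreach ($samples as $label => $header) {
    printf("%s: %s\n", $label, var_export(example_is_samesite_none_secure($header), TRUE));
}
```

The third sample is the case a plain substring or regex match on the header cannot distinguish from a real attribute.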
