function SessionTestCase::testSamesiteCookieOverrideLaxToStrict

Test overriding the PHP setting for session.cookie_samesite with the samesite_cookie_value variable.

File

modules/simpletest/tests/session.test, line 461

Provides SimpleTests for core session handling functionality.

Class

SessionTestCase

@file Provides SimpleTests for core session handling functionality.

Code

function testSamesiteCookieOverrideLaxToStrict() {
  if (\PHP_VERSION_ID < 70300) {

    // There is no session.cookie_samesite in earlier PHP versions.
    $this
      ->pass('This test is only for PHP 7.3 and later.');
    return;
  }
  variable_set('samesite_cookie_value', 'Strict');
  $user = $this
    ->drupalCreateUser(array(
    'access content',
  ));

  // Send our own login POST so that we can pass a custom header to trigger
  // session_test.module to call ini_set('session.cookie_samesite', $value)
  $headers[] = 'X-Session-Cookie-Ini-Set: Lax';
  $edit = array(
    'name' => $user->name,
    'pass' => $user->pass_raw,
  );
  $this
    ->drupalPost('user', $edit, t('Log in'), array(), $headers);
  $this
    ->assertTrue(preg_match('/SameSite=Strict/i', $this
    ->drupalGetHeader('Set-Cookie', TRUE)), 'Session cookie is set as SameSite=Strict.');
}