Revision db2d93dd
Added by Benjamin Luce over 9 years ago
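--- a/drupal7/modules/simpletest/tests/session.test
+++ b/drupal7/modules/simpletest/tests/session.test
@@ -477,6 +477,56 @@
 $this->assertResponse(200);
 }
 
+/**
+* Tests that empty session IDs do not cause unrelated sessions to load.
+*/
+public function testEmptySessionId() {
+global $is_https;
+
+if ($is_https) {
+$secure_session_name = session_name();
+}
+else {
+$secure_session_name = 'S' . session_name();
+}
+
+// Enable mixed mode for HTTP and HTTPS.
+variable_set('https', TRUE);
+
+$admin_user = $this->drupalCreateUser(array('access administration pages'));
+$standard_user = $this->drupalCreateUser(array('access content'));
+
+// First log in as the admin user on HTTP.
+// We cannot use $this->drupalLogin() here because we need to use the
+// special http.php URLs.
+$edit = array(
+'name' => $admin_user->name,
+'pass' => $admin_user->pass_raw
+);
+$this->drupalGet('user');
+$form = $this->xpath('//form[@id="user-login"]');
+$form[0]['action'] = $this->httpUrl('user');
+$this->drupalPost(NULL, $edit, t('Log in'));
+
+$this->curlClose();
+
+// Now start a session for the standard user on HTTPS.
+$edit = array(
+'name' => $standard_user->name,
+'pass' => $standard_user->pass_raw
+);
+$this->drupalGet('user');
+$form = $this->xpath('//form[@id="user-login"]');
+$form[0]['action'] = $this->httpsUrl('user');
+$this->drupalPost(NULL, $edit, t('Log in'));
+
+// Make the secure session cookie blank.
+curl_setopt($this->curlHandle, CURLOPT_COOKIE, "$secure_session_name=");
+$this->drupalGet($this->httpsUrl('user'));
+$this->assertNoText($admin_user->name, 'User is not logged in as admin');
+$this->assertNoText($standard_user->name, "The user's own name is not displayed because the invalid session cookie has logged them out.");
+}
+
 /**
 * Test that there exists a session with two specific session IDs.
 *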
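Review bot: The only assertions in `testEmptySessionId()` are the two `assertNoText()` calls at its end, so the test also passes when a login never succeeded or when the final HTTPS request returned an error page, and in neither case is the empty-session-ID lookup actually exercised. I would pin the preconditions: after the first `drupalPost()` add `$this->assertText($admin_user->name, 'Admin user is logged in over HTTP.');` (assuming the post-login page shows the account name, as the closing assertions imply), and after the last `drupalGet()` add `$this->assertResponse(200);`. The test presumably depends on the HTTP login leaving a session record with no secure session ID for the blank cookie to match against; a one-line comment saying so above `$this->curlClose();` would explain why the admin has to log in first and over HTTP.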
Update to 7.37