}
$options = $this->cookieOptions;
- if ( $session->shouldForceHTTPS() || $user->requiresHTTPS() ) {
- $response->setCookie( 'forceHTTPS', 'true', $session->shouldRememberUser() ? 0 : null,
- array( 'prefix' => '', 'secure' => false ) + $options );
+
+ $forceHTTPS = $session->shouldForceHTTPS() || $user->requiresHTTPS();
+ if ( $forceHTTPS ) {
$options['secure'] = true;
}
}
}
+ $this->setForceHTTPSCookie( $forceHTTPS, $session, $request );
$this->setLoggedOutCookie( $session->getLoggedOutTimestamp(), $request );
if ( $sessionData ) {
$response->clearCookie( $key, $this->cookieOptions );
}
- $response->clearCookie( 'forceHTTPS',
- array( 'prefix' => '', 'secure' => false ) + $this->cookieOptions );
+ $this->setForceHTTPSCookie( false, null, $request );
+ }
+
+ /**
+ * Set the "forceHTTPS" cookie
+ * @param bool $set Whether the cookie should be set or not
+ * @param SessionBackend|null $backend
+ * @param WebRequest $request
+ */
+ protected function setForceHTTPSCookie(
+ $set, SessionBackend $backend = null, WebRequest $request
+ ) {
+ $response = $request->response();
+ if ( $set ) {
+ $response->setCookie( 'forceHTTPS', 'true', $backend->shouldRememberUser() ? 0 : null,
+ array( 'prefix' => '', 'secure' => false ) + $this->cookieOptions );
+ } else {
+ $response->clearCookie( 'forceHTTPS',
+ array( 'prefix' => '', 'secure' => false ) + $this->cookieOptions );
+ }
}
/**
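Review bot: In `setForceHTTPSCookie()` the `$set` branch calls `$backend->shouldRememberUser()` although the signature and the `@param SessionBackend|null` tag both allow `$backend` to be null, so a subclass or later caller passing `true, null` gets a fatal error instead of a cookie. Computing `$remember = $backend !== null && $backend->shouldRememberUser();` first and passing `$remember ? 0 : null` as the expiry would make the two arguments independent, and the `@param` line should say that null is only expected when clearing. The method also deserves a short comment on why the cookie is written with `'secure' => false`: presumably it has to be sent on plain-HTTP requests so the server can redirect. If so, it is only a hint that can be dropped or altered on the network path, and transport enforcement has to come from HSTS or a server-side redirect policy.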
$this->assertSame( '', $request->response()->getCookie( 'xUserID' ) );
$this->assertSame( null, $request->response()->getCookie( 'xUserName' ) );
$this->assertSame( '', $request->response()->getCookie( 'xToken' ) );
- $this->assertSame( null, $request->response()->getCookie( 'forceHTTPS' ) );
+ $this->assertSame( '', $request->response()->getCookie( 'forceHTTPS' ) );
$this->assertSame( array(), $backend->getData() );
// Logged-in user, no remember
$this->assertSame( (string)$user->getId(), $request->response()->getCookie( 'xUserID' ) );
$this->assertSame( $user->getName(), $request->response()->getCookie( 'xUserName' ) );
$this->assertSame( '', $request->response()->getCookie( 'xToken' ) );
- $this->assertSame( null, $request->response()->getCookie( 'forceHTTPS' ) );
+ $this->assertSame( '', $request->response()->getCookie( 'forceHTTPS' ) );
$this->assertSame( array(), $backend->getData() );
// Logged-in user, remember
'value' => $remember ? $user->getToken() : '',
'expire' => $remember ? $extendedExpiry : -31536000,
) + $defaults,
- 'forceHTTPS' => !$secure ? null : array(
- 'value' => 'true',
+ 'forceHTTPS' => array(
+ 'value' => $secure ? 'true' : '',
'secure' => false,
- 'expire' => $remember ? $defaults['expire'] : null,
+ 'expire' => $secure ? $remember ? $defaults['expire'] : 0 : -31536000,
) + $defaults,
);
foreach ( $expect as $key => $value ) {
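Review bot: The new `expire` expectation `$secure ? $remember ? $defaults['expire'] : 0 : -31536000` is an unparenthesized nested ternary, which is easy to misread even though the nesting sits in the middle operand and parses as intended. Writing it as `'expire' => $secure ? ( $remember ? $defaults['expire'] : 0 ) : -31536000,` makes the three cases (apparently remembered, session-only and cleared) visible at a glance. The `$expect` array and the test method it belongs to start outside this hunk.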
$this->assertSame( '', $request->response()->getCookie( 'xUserID' ) );
$this->assertSame( null, $request->response()->getCookie( 'xUserName' ) );
$this->assertSame( '', $request->response()->getCookie( 'xToken' ) );
- $this->assertSame( null, $request->response()->getCookie( 'forceHTTPS' ) );
+ $this->assertSame( '', $request->response()->getCookie( 'forceHTTPS' ) );
$this->assertSame( array(), $backend->getData() );
$provider->persistSession( $backend, $this->getSentRequest() );
$this->assertSame( (string)$user->getId(), $request->response()->getCookie( 'xUserID' ) );
$this->assertSame( $user->getName(), $request->response()->getCookie( 'xUserName' ) );
$this->assertSame( '', $request->response()->getCookie( 'xToken' ) );
- $this->assertSame( null, $request->response()->getCookie( 'forceHTTPS' ) );
+ $this->assertSame( '', $request->response()->getCookie( 'forceHTTPS' ) );
$this->assertSame( 'bar!', $request->response()->getCookie( 'xbar' ) );
$this->assertSame( (string)$loggedOut, $request->response()->getCookie( 'xLoggedOut' ) );
$this->assertEquals( array(