3 namespace MediaWiki\Session
;
11 * @covers MediaWiki\Session\CookieSessionProvider
13 class CookieSessionProviderTest
extends MediaWikiTestCase
{
15 private function getConfig() {
16 global $wgCookieExpiration;
17 return new \
HashConfig( array(
18 'CookiePrefix' => 'CookiePrefix',
19 'CookiePath' => 'CookiePath',
20 'CookieDomain' => 'CookieDomain',
21 'CookieSecure' => true,
22 'CookieHttpOnly' => true,
23 'SessionName' => false,
24 'ExtendedLoginCookies' => array( 'UserID', 'Token' ),
25 'ExtendedLoginCookieExpiration' => $wgCookieExpiration * 2,
29 public function testConstructor() {
31 new CookieSessionProvider();
32 $this->fail( 'Expected exception not thrown' );
33 } catch ( \InvalidArgumentException
$ex ) {
35 'MediaWiki\\Session\\CookieSessionProvider::__construct: priority must be specified',
41 new CookieSessionProvider( array( 'priority' => 'foo' ) );
42 $this->fail( 'Expected exception not thrown' );
43 } catch ( \InvalidArgumentException
$ex ) {
45 'MediaWiki\\Session\\CookieSessionProvider::__construct: Invalid priority',
50 new CookieSessionProvider( array( 'priority' => SessionInfo
::MIN_PRIORITY
- 1 ) );
51 $this->fail( 'Expected exception not thrown' );
52 } catch ( \InvalidArgumentException
$ex ) {
54 'MediaWiki\\Session\\CookieSessionProvider::__construct: Invalid priority',
59 new CookieSessionProvider( array( 'priority' => SessionInfo
::MAX_PRIORITY +
1 ) );
60 $this->fail( 'Expected exception not thrown' );
61 } catch ( \InvalidArgumentException
$ex ) {
63 'MediaWiki\\Session\\CookieSessionProvider::__construct: Invalid priority',
69 new CookieSessionProvider( array( 'priority' => 1, 'cookieOptions' => null ) );
70 $this->fail( 'Expected exception not thrown' );
71 } catch ( \InvalidArgumentException
$ex ) {
73 'MediaWiki\\Session\\CookieSessionProvider::__construct: cookieOptions must be an array',
78 $config = $this->getConfig();
79 $p = \TestingAccessWrapper
::newFromObject(
80 new CookieSessionProvider( array( 'priority' => 1 ) )
82 $p->setLogger( new \
TestLogger() );
83 $p->setConfig( $config );
84 $this->assertEquals( 1, $p->priority
);
85 $this->assertEquals( array(
86 'callUserSetCookiesHook' => false,
87 'sessionName' => 'CookiePrefix_session',
89 $this->assertEquals( array(
90 'prefix' => 'CookiePrefix',
91 'path' => 'CookiePath',
92 'domain' => 'CookieDomain',
95 ), $p->cookieOptions
);
97 $config->set( 'SessionName', 'SessionName' );
98 $p = \TestingAccessWrapper
::newFromObject(
99 new CookieSessionProvider( array( 'priority' => 3 ) )
101 $p->setLogger( new \
TestLogger() );
102 $p->setConfig( $config );
103 $this->assertEquals( 3, $p->priority
);
104 $this->assertEquals( array(
105 'callUserSetCookiesHook' => false,
106 'sessionName' => 'SessionName',
108 $this->assertEquals( array(
109 'prefix' => 'CookiePrefix',
110 'path' => 'CookiePath',
111 'domain' => 'CookieDomain',
114 ), $p->cookieOptions
);
116 $p = \TestingAccessWrapper
::newFromObject( new CookieSessionProvider( array(
118 'callUserSetCookiesHook' => true,
119 'cookieOptions' => array(
120 'prefix' => 'XPrefix',
122 'domain' => 'XDomain',
123 'secure' => 'XSecure',
124 'httpOnly' => 'XHttpOnly',
126 'sessionName' => 'XSession',
128 $p->setLogger( new \
TestLogger() );
129 $p->setConfig( $config );
130 $this->assertEquals( 10, $p->priority
);
131 $this->assertEquals( array(
132 'callUserSetCookiesHook' => true,
133 'sessionName' => 'XSession',
135 $this->assertEquals( array(
136 'prefix' => 'XPrefix',
138 'domain' => 'XDomain',
139 'secure' => 'XSecure',
140 'httpOnly' => 'XHttpOnly',
141 ), $p->cookieOptions
);
144 public function testBasics() {
145 $provider = new CookieSessionProvider( array( 'priority' => 10 ) );
147 $this->assertTrue( $provider->persistsSessionID() );
148 $this->assertTrue( $provider->canChangeUser() );
150 $msg = $provider->whyNoSession();
151 $this->assertInstanceOf( 'Message', $msg );
152 $this->assertSame( 'sessionprovider-nocookies', $msg->getKey() );
155 public function testProvideSessionInfo() {
158 'sessionName' => 'session',
159 'cookieOptions' => array( 'prefix' => 'x' ),
161 $provider = new CookieSessionProvider( $params );
162 $provider->setLogger( new \
TestLogger() );
163 $provider->setConfig( $this->getConfig() );
164 $provider->setManager( new SessionManager() );
166 $user = User
::newFromName( 'UTSysop' );
167 $id = $user->getId();
168 $name = $user->getName();
169 $token = $user->getToken( true );
171 $sessionId = 'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa';
174 $request = new \
FauxRequest();
175 $info = $provider->provideSessionInfo( $request );
176 $this->assertNull( $info );
179 $request = new \
FauxRequest();
180 $request->setCookies( array(
181 'session' => $sessionId,
183 $info = $provider->provideSessionInfo( $request );
184 $this->assertNotNull( $info );
185 $this->assertSame( $params['priority'], $info->getPriority() );
186 $this->assertSame( $sessionId, $info->getId() );
187 $this->assertNotNull( $info->getUserInfo() );
188 $this->assertSame( 0, $info->getUserInfo()->getId() );
189 $this->assertNull( $info->getUserInfo()->getName() );
190 $this->assertFalse( $info->forceHTTPS() );
192 // User, no session key
193 $request = new \
FauxRequest();
194 $request->setCookies( array(
198 $info = $provider->provideSessionInfo( $request );
199 $this->assertNotNull( $info );
200 $this->assertSame( $params['priority'], $info->getPriority() );
201 $this->assertNotSame( $sessionId, $info->getId() );
202 $this->assertNotNull( $info->getUserInfo() );
203 $this->assertSame( $id, $info->getUserInfo()->getId() );
204 $this->assertSame( $name, $info->getUserInfo()->getName() );
205 $this->assertFalse( $info->forceHTTPS() );
207 // User and session key
208 $request = new \
FauxRequest();
209 $request->setCookies( array(
210 'session' => $sessionId,
214 $info = $provider->provideSessionInfo( $request );
215 $this->assertNotNull( $info );
216 $this->assertSame( $params['priority'], $info->getPriority() );
217 $this->assertSame( $sessionId, $info->getId() );
218 $this->assertNotNull( $info->getUserInfo() );
219 $this->assertSame( $id, $info->getUserInfo()->getId() );
220 $this->assertSame( $name, $info->getUserInfo()->getName() );
221 $this->assertFalse( $info->forceHTTPS() );
223 // User with bad token
224 $request = new \
FauxRequest();
225 $request->setCookies( array(
226 'session' => $sessionId,
228 'xToken' => 'BADTOKEN',
230 $info = $provider->provideSessionInfo( $request );
231 $this->assertNull( $info );
233 // User id with no token
234 $request = new \
FauxRequest();
235 $request->setCookies( array(
236 'session' => $sessionId,
239 $info = $provider->provideSessionInfo( $request );
240 $this->assertNotNull( $info );
241 $this->assertSame( $params['priority'], $info->getPriority() );
242 $this->assertSame( $sessionId, $info->getId() );
243 $this->assertNotNull( $info->getUserInfo() );
244 $this->assertFalse( $info->getUserInfo()->isVerified() );
245 $this->assertSame( $id, $info->getUserInfo()->getId() );
246 $this->assertSame( $name, $info->getUserInfo()->getName() );
247 $this->assertFalse( $info->forceHTTPS() );
249 $request = new \
FauxRequest();
250 $request->setCookies( array(
253 $info = $provider->provideSessionInfo( $request );
254 $this->assertNull( $info );
256 // User and session key, with forceHTTPS flag
257 $request = new \
FauxRequest();
258 $request->setCookies( array(
259 'session' => $sessionId,
262 'forceHTTPS' => true,
264 $info = $provider->provideSessionInfo( $request );
265 $this->assertNotNull( $info );
266 $this->assertSame( $params['priority'], $info->getPriority() );
267 $this->assertSame( $sessionId, $info->getId() );
268 $this->assertNotNull( $info->getUserInfo() );
269 $this->assertSame( $id, $info->getUserInfo()->getId() );
270 $this->assertSame( $name, $info->getUserInfo()->getName() );
271 $this->assertTrue( $info->forceHTTPS() );
274 $request = new \
FauxRequest();
275 $request->setCookies( array(
276 'session' => $sessionId,
279 $info = $provider->provideSessionInfo( $request );
280 $this->assertNull( $info );
282 // User id with matching name
283 $request = new \
FauxRequest();
284 $request->setCookies( array(
285 'session' => $sessionId,
287 'xUserName' => $name,
289 $info = $provider->provideSessionInfo( $request );
290 $this->assertNotNull( $info );
291 $this->assertSame( $params['priority'], $info->getPriority() );
292 $this->assertSame( $sessionId, $info->getId() );
293 $this->assertNotNull( $info->getUserInfo() );
294 $this->assertFalse( $info->getUserInfo()->isVerified() );
295 $this->assertSame( $id, $info->getUserInfo()->getId() );
296 $this->assertSame( $name, $info->getUserInfo()->getName() );
297 $this->assertFalse( $info->forceHTTPS() );
299 // User id with wrong name
300 $request = new \
FauxRequest();
301 $request->setCookies( array(
302 'session' => $sessionId,
304 'xUserName' => 'Wrong',
306 $info = $provider->provideSessionInfo( $request );
307 $this->assertNull( $info );
310 public function testGetVaryCookies() {
311 $provider = new CookieSessionProvider( array(
313 'sessionName' => 'MySessionName',
314 'cookieOptions' => array( 'prefix' => 'MyCookiePrefix' ),
316 $this->assertArrayEquals( array(
317 'MyCookiePrefixToken',
318 'MyCookiePrefixLoggedOut',
321 ), $provider->getVaryCookies() );
324 public function testSuggestLoginUsername() {
325 $provider = new CookieSessionProvider( array(
327 'sessionName' => 'MySessionName',
328 'cookieOptions' => array( 'prefix' => 'x' ),
331 $request = new \
FauxRequest();
332 $this->assertEquals( null, $provider->suggestLoginUsername( $request ) );
334 $request->setCookies( array(
335 'xUserName' => 'Example',
337 $this->assertEquals( 'Example', $provider->suggestLoginUsername( $request ) );
340 public function testPersistSession() {
341 $this->setMwGlobals( array( 'wgCookieExpiration' => 100 ) );
343 $provider = new CookieSessionProvider( array(
345 'sessionName' => 'MySessionName',
346 'callUserSetCookiesHook' => false,
347 'cookieOptions' => array( 'prefix' => 'x' ),
349 $config = $this->getConfig();
350 $provider->setLogger( new \
TestLogger() );
351 $provider->setConfig( $config );
352 $provider->setManager( SessionManager
::singleton() );
354 $sessionId = 'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa';
355 $store = new TestBagOStuff();
356 $user = User
::newFromName( 'UTSysop' );
359 $backend = new SessionBackend(
360 new SessionId( $sessionId ),
361 new SessionInfo( SessionInfo
::MIN_PRIORITY
, array(
362 'provider' => $provider,
368 new \Psr\Log\
NullLogger(),
371 \TestingAccessWrapper
::newFromObject( $backend )->usePhpSessionHandling
= false;
373 $mock = $this->getMock( 'stdClass', array( 'onUserSetCookies' ) );
374 $mock->expects( $this->never() )->method( 'onUserSetCookies' );
375 $this->mergeMwGlobalArrayValue( 'wgHooks', array( 'UserSetCookies' => array( $mock ) ) );
378 $backend->setUser( $anon );
379 $backend->setRememberUser( true );
380 $backend->setForceHTTPS( false );
381 $request = new \
FauxRequest();
382 $provider->persistSession( $backend, $request );
383 $this->assertSame( $sessionId, $request->response()->getCookie( 'MySessionName' ) );
384 $this->assertSame( '', $request->response()->getCookie( 'xUserID' ) );
385 $this->assertSame( null, $request->response()->getCookie( 'xUserName' ) );
386 $this->assertSame( '', $request->response()->getCookie( 'xToken' ) );
387 $this->assertSame( '', $request->response()->getCookie( 'forceHTTPS' ) );
388 $this->assertSame( array(), $backend->getData() );
390 // Logged-in user, no remember
391 $backend->setUser( $user );
392 $backend->setRememberUser( false );
393 $backend->setForceHTTPS( false );
394 $request = new \
FauxRequest();
395 $provider->persistSession( $backend, $request );
396 $this->assertSame( $sessionId, $request->response()->getCookie( 'MySessionName' ) );
397 $this->assertSame( (string)$user->getId(), $request->response()->getCookie( 'xUserID' ) );
398 $this->assertSame( $user->getName(), $request->response()->getCookie( 'xUserName' ) );
399 $this->assertSame( '', $request->response()->getCookie( 'xToken' ) );
400 $this->assertSame( '', $request->response()->getCookie( 'forceHTTPS' ) );
401 $this->assertSame( array(), $backend->getData() );
403 // Logged-in user, remember
404 $backend->setUser( $user );
405 $backend->setRememberUser( true );
406 $backend->setForceHTTPS( true );
407 $request = new \
FauxRequest();
409 $provider->persistSession( $backend, $request );
410 $this->assertSame( $sessionId, $request->response()->getCookie( 'MySessionName' ) );
411 $this->assertSame( (string)$user->getId(), $request->response()->getCookie( 'xUserID' ) );
412 $this->assertSame( $user->getName(), $request->response()->getCookie( 'xUserName' ) );
413 $this->assertSame( $user->getToken(), $request->response()->getCookie( 'xToken' ) );
414 $this->assertSame( 'true', $request->response()->getCookie( 'forceHTTPS' ) );
415 $this->assertSame( array(), $backend->getData() );
419 * @dataProvider provideCookieData
420 * @param bool $secure
421 * @param bool $remember
423 public function testCookieData( $secure, $remember ) {
424 $this->setMwGlobals( array(
425 'wgCookieExpiration' => 100,
426 'wgSecureLogin' => false,
429 $provider = new CookieSessionProvider( array(
431 'sessionName' => 'MySessionName',
432 'callUserSetCookiesHook' => false,
433 'cookieOptions' => array( 'prefix' => 'x' ),
435 $config = $this->getConfig();
436 $config->set( 'CookieSecure', $secure );
437 $provider->setLogger( new \
TestLogger() );
438 $provider->setConfig( $config );
439 $provider->setManager( SessionManager
::singleton() );
441 $sessionId = 'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa';
442 $user = User
::newFromName( 'UTSysop' );
443 $this->assertFalse( $user->requiresHTTPS(), 'sanity check' );
445 $backend = new SessionBackend(
446 new SessionId( $sessionId ),
447 new SessionInfo( SessionInfo
::MIN_PRIORITY
, array(
448 'provider' => $provider,
454 new \Psr\Log\
NullLogger(),
457 \TestingAccessWrapper
::newFromObject( $backend )->usePhpSessionHandling
= false;
458 $backend->setUser( $user );
459 $backend->setRememberUser( $remember );
460 $backend->setForceHTTPS( $secure );
461 $request = new \
FauxRequest();
463 $provider->persistSession( $backend, $request );
466 'expire' => (int)100,
467 'path' => $config->get( 'CookiePath' ),
468 'domain' => $config->get( 'CookieDomain' ),
470 'httpOnly' => $config->get( 'CookieHttpOnly' ),
473 $extendedExpiry = $config->get( 'ExtendedLoginCookieExpiration' );
474 $extendedExpiry = (int)( $extendedExpiry === null ?
0 : $extendedExpiry );
475 $this->assertEquals( array( 'UserID', 'Token' ), $config->get( 'ExtendedLoginCookies' ),
478 'MySessionName' => array(
479 'value' => (string)$sessionId,
483 'value' => (string)$user->getId(),
484 'expire' => $extendedExpiry,
486 'xUserName' => array(
487 'value' => $user->getName(),
490 'value' => $remember ?
$user->getToken() : '',
491 'expire' => $remember ?
$extendedExpiry : -31536000,
493 'forceHTTPS' => array(
494 'value' => $secure ?
'true' : '',
496 'expire' => $secure ?
$remember ?
$defaults['expire'] : 0 : -31536000,
499 foreach ( $expect as $key => $value ) {
500 $actual = $request->response()->getCookieData( $key );
501 if ( $actual && $actual['expire'] > 0 ) {
502 // Round expiry so we don't randomly fail if the seconds ticked during the test.
503 $actual['expire'] = round( $actual['expire'] - $time, -2 );
505 $this->assertEquals( $value, $actual, "Cookie $key" );
509 public static function provideCookieData() {
511 array( false, false ),
512 array( false, true ),
513 array( true, false ),
518 protected function getSentRequest() {
519 $sentResponse = $this->getMock( 'FauxResponse', array( 'headersSent', 'setCookie', 'header' ) );
520 $sentResponse->expects( $this->any() )->method( 'headersSent' )
521 ->will( $this->returnValue( true ) );
522 $sentResponse->expects( $this->never() )->method( 'setCookie' );
523 $sentResponse->expects( $this->never() )->method( 'header' );
525 $sentRequest = $this->getMock( 'FauxRequest', array( 'response' ) );
526 $sentRequest->expects( $this->any() )->method( 'response' )
527 ->will( $this->returnValue( $sentResponse ) );
531 public function testPersistSessionWithHook() {
534 $provider = new CookieSessionProvider( array(
536 'sessionName' => 'MySessionName',
537 'callUserSetCookiesHook' => true,
538 'cookieOptions' => array( 'prefix' => 'x' ),
540 $provider->setLogger( new \Psr\Log\
NullLogger() );
541 $provider->setConfig( $this->getConfig() );
542 $provider->setManager( SessionManager
::singleton() );
544 $sessionId = 'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa';
545 $store = new TestBagOStuff();
546 $user = User
::newFromName( 'UTSysop' );
549 $backend = new SessionBackend(
550 new SessionId( $sessionId ),
551 new SessionInfo( SessionInfo
::MIN_PRIORITY
, array(
552 'provider' => $provider,
558 new \Psr\Log\
NullLogger(),
561 \TestingAccessWrapper
::newFromObject( $backend )->usePhpSessionHandling
= false;
564 $mock = $this->getMock( 'stdClass', array( 'onUserSetCookies' ) );
565 $mock->expects( $this->never() )->method( 'onUserSetCookies' );
566 $this->mergeMwGlobalArrayValue( 'wgHooks', array( 'UserSetCookies' => array( $mock ) ) );
567 $backend->setUser( $anon );
568 $backend->setRememberUser( true );
569 $backend->setForceHTTPS( false );
570 $request = new \
FauxRequest();
571 $provider->persistSession( $backend, $request );
572 $this->assertSame( $sessionId, $request->response()->getCookie( 'MySessionName' ) );
573 $this->assertSame( '', $request->response()->getCookie( 'xUserID' ) );
574 $this->assertSame( null, $request->response()->getCookie( 'xUserName' ) );
575 $this->assertSame( '', $request->response()->getCookie( 'xToken' ) );
576 $this->assertSame( '', $request->response()->getCookie( 'forceHTTPS' ) );
577 $this->assertSame( array(), $backend->getData() );
579 $provider->persistSession( $backend, $this->getSentRequest() );
581 // Logged-in user, no remember
582 $mock = $this->getMock( __CLASS__
, array( 'onUserSetCookies' ) );
583 $mock->expects( $this->once() )->method( 'onUserSetCookies' )
584 ->will( $this->returnCallback( function ( $u, &$sessionData, &$cookies ) use ( $that, $user ) {
585 $that->assertSame( $user, $u );
586 $that->assertEquals( array(
587 'wsUserID' => $user->getId(),
588 'wsUserName' => $user->getName(),
589 'wsToken' => $user->getToken(),
591 $that->assertEquals( array(
592 'UserID' => $user->getId(),
593 'UserName' => $user->getName(),
597 $sessionData['foo'] = 'foo!';
598 $cookies['bar'] = 'bar!';
601 $this->mergeMwGlobalArrayValue( 'wgHooks', array( 'UserSetCookies' => array( $mock ) ) );
602 $backend->setUser( $user );
603 $backend->setRememberUser( false );
604 $backend->setForceHTTPS( false );
605 $backend->setLoggedOutTimestamp( $loggedOut = time() );
606 $request = new \
FauxRequest();
607 $provider->persistSession( $backend, $request );
608 $this->assertSame( $sessionId, $request->response()->getCookie( 'MySessionName' ) );
609 $this->assertSame( (string)$user->getId(), $request->response()->getCookie( 'xUserID' ) );
610 $this->assertSame( $user->getName(), $request->response()->getCookie( 'xUserName' ) );
611 $this->assertSame( '', $request->response()->getCookie( 'xToken' ) );
612 $this->assertSame( '', $request->response()->getCookie( 'forceHTTPS' ) );
613 $this->assertSame( 'bar!', $request->response()->getCookie( 'xbar' ) );
614 $this->assertSame( (string)$loggedOut, $request->response()->getCookie( 'xLoggedOut' ) );
615 $this->assertEquals( array(
616 'wsUserID' => $user->getId(),
617 'wsUserName' => $user->getName(),
618 'wsToken' => $user->getToken(),
620 ), $backend->getData() );
622 $provider->persistSession( $backend, $this->getSentRequest() );
624 // Logged-in user, remember
625 $mock = $this->getMock( __CLASS__
, array( 'onUserSetCookies' ) );
626 $mock->expects( $this->once() )->method( 'onUserSetCookies' )
627 ->will( $this->returnCallback( function ( $u, &$sessionData, &$cookies ) use ( $that, $user ) {
628 $that->assertSame( $user, $u );
629 $that->assertEquals( array(
630 'wsUserID' => $user->getId(),
631 'wsUserName' => $user->getName(),
632 'wsToken' => $user->getToken(),
634 $that->assertEquals( array(
635 'UserID' => $user->getId(),
636 'UserName' => $user->getName(),
637 'Token' => $user->getToken(),
640 $sessionData['foo'] = 'foo 2!';
641 $cookies['bar'] = 'bar 2!';
644 $this->mergeMwGlobalArrayValue( 'wgHooks', array( 'UserSetCookies' => array( $mock ) ) );
645 $backend->setUser( $user );
646 $backend->setRememberUser( true );
647 $backend->setForceHTTPS( true );
648 $backend->setLoggedOutTimestamp( 0 );
649 $request = new \
FauxRequest();
650 $provider->persistSession( $backend, $request );
651 $this->assertSame( $sessionId, $request->response()->getCookie( 'MySessionName' ) );
652 $this->assertSame( (string)$user->getId(), $request->response()->getCookie( 'xUserID' ) );
653 $this->assertSame( $user->getName(), $request->response()->getCookie( 'xUserName' ) );
654 $this->assertSame( $user->getToken(), $request->response()->getCookie( 'xToken' ) );
655 $this->assertSame( 'true', $request->response()->getCookie( 'forceHTTPS' ) );
656 $this->assertSame( 'bar 2!', $request->response()->getCookie( 'xbar' ) );
657 $this->assertSame( null, $request->response()->getCookie( 'xLoggedOut' ) );
658 $this->assertEquals( array(
659 'wsUserID' => $user->getId(),
660 'wsUserName' => $user->getName(),
661 'wsToken' => $user->getToken(),
663 ), $backend->getData() );
665 $provider->persistSession( $backend, $this->getSentRequest() );
668 public function testUnpersistSession() {
669 $provider = new CookieSessionProvider( array(
671 'sessionName' => 'MySessionName',
672 'cookieOptions' => array( 'prefix' => 'x' ),
674 $provider->setLogger( new \Psr\Log\
NullLogger() );
675 $provider->setConfig( $this->getConfig() );
676 $provider->setManager( SessionManager
::singleton() );
678 $request = new \
FauxRequest();
679 $provider->unpersistSession( $request );
680 $this->assertSame( '', $request->response()->getCookie( 'MySessionName' ) );
681 $this->assertSame( '', $request->response()->getCookie( 'xUserID' ) );
682 $this->assertSame( null, $request->response()->getCookie( 'xUserName' ) );
683 $this->assertSame( '', $request->response()->getCookie( 'xToken' ) );
684 $this->assertSame( '', $request->response()->getCookie( 'forceHTTPS' ) );
686 $provider->unpersistSession( $this->getSentRequest() );
689 public function testSetLoggedOutCookie() {
690 $provider = \TestingAccessWrapper
::newFromObject( new CookieSessionProvider( array(
692 'sessionName' => 'MySessionName',
693 'cookieOptions' => array( 'prefix' => 'x' ),
695 $provider->setLogger( new \Psr\Log\
NullLogger() );
696 $provider->setConfig( $this->getConfig() );
697 $provider->setManager( SessionManager
::singleton() );
700 $t2 = time() - 86400 * 2;
703 $request = new \
FauxRequest();
704 $provider->setLoggedOutCookie( $t1, $request );
705 $this->assertSame( (string)$t1, $request->response()->getCookie( 'xLoggedOut' ) );
708 $request = new \
FauxRequest();
709 $provider->setLoggedOutCookie( $t2, $request );
710 $this->assertSame( null, $request->response()->getCookie( 'xLoggedOut' ) );
712 // Don't reset if it's already set
713 $request = new \
FauxRequest();
714 $request->setCookies( array(
717 $provider->setLoggedOutCookie( $t1, $request );
718 $this->assertSame( null, $request->response()->getCookie( 'xLoggedOut' ) );
722 * To be mocked for hooks, since PHPUnit can't otherwise mock methods that
725 public function onUserSetCookies( $user, &$sessionData, &$cookies ) {