1515use Psr \Log \LoggerInterface ;
1616use Symfony \Component \DependencyInjection \Container ;
1717use Symfony \Component \DependencyInjection \ServiceLocator ;
18+ use Symfony \Component \HttpFoundation \Cookie ;
1819use Symfony \Component \HttpFoundation \Request ;
1920use Symfony \Component \HttpFoundation \RequestStack ;
2021use Symfony \Component \HttpFoundation \Response ;
3334
3435class SessionListenerTest extends TestCase
3536{
37+ /**
38+ * @dataProvider provideSessionOptions
39+ * @runInSeparateProcess
40+ */
41+ public function testSessionCookieOptions (array $ phpSessionOptionsarray $ sessionOptionsarray $ expectedSessionOptions
42+ {
43+ $ session$ this getMockBuilder (Session::class)->disableOriginalConstructor ()->getMock ();
44+ $ sessionexpects ($ this exactly (2 ))->method ('getUsageIndex ' )->will ($ this onConsecutiveCalls (0 , 1 ));
45+ $ sessionexpects ($ this exactly (1 ))->method ('getId ' )->willReturn ('123456 ' );
46+ $ sessionexpects ($ this exactly (1 ))->method ('getName ' )->willReturn ('PHPSESSID ' );
47+ $ sessionexpects ($ this exactly (1 ))->method ('save ' );
48+ $ sessionexpects ($ this exactly (1 ))->method ('isStarted ' )->willReturn (true );
49+
50+ if (isset ($ phpSessionOptions'samesite ' ])) {
51+ ini_set ('session.cookie_samesite ' , $ phpSessionOptions'samesite ' ]);
52+ }
53+ session_set_cookie_params (0 , $ phpSessionOptions'path ' ] ?? null , $ phpSessionOptions'domain ' ] ?? null , $ phpSessionOptions'secure ' ] ?? null , $ phpSessionOptions'httponly ' ] ?? null );
54+
55+ $ containernew Container ();
56+ $ containerset ('initialized_session ' , $ session
57+
58+ $ listenernew SessionListener ($ containerfalse , $ sessionOptions
59+ $ kernel$ this getMockBuilder (HttpKernelInterface::class)->disableOriginalConstructor ()->getMock ();
60+
61+ $ requestnew Request ();
62+ $ listeneronKernelRequest (new RequestEvent ($ kernel$ requestMAIN_REQUEST ));
63+
64+ $ responsenew Response ();
65+ $ listeneronKernelResponse (new ResponseEvent ($ kernelnew Request (), HttpKernelInterface::MAIN_REQUEST , $ response
66+
67+ $ cookies$ responseheaders ->getCookies ();
68+ $ this assertSame ('PHPSESSID ' , $ cookies0 ]->getName ());
69+ $ this assertSame ('123456 ' , $ cookies0 ]->getValue ());
70+ $ this assertSame ($ expectedSessionOptions'cookie_path ' ], $ cookies0 ]->getPath ());
71+ $ this assertSame ($ expectedSessionOptions'cookie_domain ' ], $ cookies0 ]->getDomain ());
72+ $ this assertSame ($ expectedSessionOptions'cookie_secure ' ], $ cookies0 ]->isSecure ());
73+ $ this assertSame ($ expectedSessionOptions'cookie_httponly ' ], $ cookies0 ]->isHttpOnly ());
74+ $ this assertSame ($ expectedSessionOptions'cookie_samesite ' ], $ cookies0 ]->getSameSite ());
75+ }
76+
77+ public function provideSessionOptions (): \Generator
78+ {
79+ if (\PHP_VERSION_ID > 70300 ) {
80+ yield 'set_samesite_by_php ' => [
81+ 'phpSessionOptions ' => ['samesite ' => Cookie::SAMESITE_STRICT ],
82+ 'sessionOptions ' => ['cookie_path ' => '/test/ ' , 'cookie_domain ' => '' , 'cookie_secure ' => true , 'cookie_httponly ' => true ],
83+ 'expectedSessionOptions ' => ['cookie_path ' => '/test/ ' , 'cookie_domain ' => '' , 'cookie_secure ' => true , 'cookie_httponly ' => true , 'cookie_samesite ' => Cookie::SAMESITE_STRICT ],
84+ ];
85+ }
86+
87+ yield 'set_cookie_path_by_php ' => [
88+ 'phpSessionOptions ' => ['path ' => '/prod/ ' ],
89+ 'sessionOptions ' => ['cookie_domain ' => '' , 'cookie_secure ' => true , 'cookie_httponly ' => true , 'cookie_samesite ' => Cookie::SAMESITE_LAX ],
90+ 'expectedSessionOptions ' => ['cookie_path ' => '/prod/ ' , 'cookie_domain ' => '' , 'cookie_secure ' => true , 'cookie_httponly ' => true , 'cookie_samesite ' => Cookie::SAMESITE_LAX ],
91+ ];
92+
93+ yield 'set_cookie_secure_by_php ' => [
94+ 'phpSessionOptions ' => ['secure ' => true ],
95+ 'sessionOptions ' => ['cookie_path ' => '/test/ ' , 'cookie_domain ' => '' , 'cookie_httponly ' => true , 'cookie_samesite ' => Cookie::SAMESITE_LAX ],
96+ 'expectedSessionOptions ' => ['cookie_path ' => '/test/ ' , 'cookie_domain ' => '' , 'cookie_secure ' => true , 'cookie_httponly ' => true , 'cookie_samesite ' => Cookie::SAMESITE_LAX ],
97+ ];
98+
99+ yield 'set_cookiesecure_auto_by_symfony_false_by_php ' => [
100+ 'phpSessionOptions ' => ['secure ' => false ],
101+ 'sessionOptions ' => ['cookie_path ' => '/test/ ' , 'cookie_httponly ' => 'auto ' , 'cookie_secure ' => 'auto ' , 'cookie_samesite ' => Cookie::SAMESITE_LAX ],
102+ 'expectedSessionOptions ' => ['cookie_path ' => '/test/ ' , 'cookie_domain ' => '' , 'cookie_secure ' => false , 'cookie_httponly ' => true , 'cookie_samesite ' => Cookie::SAMESITE_LAX ],
103+ ];
104+
105+ yield 'set_cookiesecure_auto_by_symfony_true_by_php ' => [
106+ 'phpSessionOptions ' => ['secure ' => true ],
107+ 'sessionOptions ' => ['cookie_path ' => '/test/ ' , 'cookie_httponly ' => 'auto ' , 'cookie_secure ' => 'auto ' , 'cookie_samesite ' => Cookie::SAMESITE_LAX ],
108+ 'expectedSessionOptions ' => ['cookie_path ' => '/test/ ' , 'cookie_domain ' => '' , 'cookie_secure ' => true , 'cookie_httponly ' => true , 'cookie_samesite ' => Cookie::SAMESITE_LAX ],
109+ ];
110+
111+ yield 'set_cookie_httponly_by_php ' => [
112+ 'phpSessionOptions ' => ['httponly ' => true ],
113+ 'sessionOptions ' => ['cookie_path ' => '/test/ ' , 'cookie_domain ' => '' , 'cookie_secure ' => true , 'cookie_samesite ' => Cookie::SAMESITE_LAX ],
114+ 'expectedSessionOptions ' => ['cookie_path ' => '/test/ ' , 'cookie_domain ' => '' , 'cookie_secure ' => true , 'cookie_httponly ' => true , 'cookie_samesite ' => Cookie::SAMESITE_LAX ],
115+ ];
116+
117+ yield 'set_cookie_domain_by_php ' => [
118+ 'phpSessionOptions ' => ['domain ' => 'test.symfony ' ],
119+ 'sessionOptions ' => ['cookie_path ' => '/test/ ' , 'cookie_httponly ' => true , 'cookie_secure ' => true , 'cookie_samesite ' => Cookie::SAMESITE_LAX ],
120+ 'expectedSessionOptions ' => ['cookie_path ' => '/test/ ' , 'cookie_domain ' => 'test.symfony ' , 'cookie_secure ' => true , 'cookie_httponly ' => true , 'cookie_samesite ' => Cookie::SAMESITE_LAX ],
121+ ];
122+
123+ yield 'set_samesite_by_symfony ' => [
124+ 'phpSessionOptions ' => ['samesite ' => Cookie::SAMESITE_STRICT ],
125+ 'sessionOptions ' => ['cookie_path ' => '/test/ ' , 'cookie_httponly ' => true , 'cookie_secure ' => true , 'cookie_samesite ' => Cookie::SAMESITE_LAX ],
126+ 'expectedSessionOptions ' => ['cookie_path ' => '/test/ ' , 'cookie_domain ' => '' , 'cookie_secure ' => true , 'cookie_httponly ' => true , 'cookie_samesite ' => Cookie::SAMESITE_LAX ],
127+ ];
128+ }
129+
36130 public function testOnlyTriggeredOnMainRequest ()
37131 {
38132 $ listener$ this getMockForAbstractClass (AbstractSessionListener::class);
@@ -160,10 +254,10 @@ public function testSessionSaveAndResponseHasSessionCookie()
160254 $ kernel$ this getMockBuilder (HttpKernelInterface::class)->disableOriginalConstructor ()->getMock ();
161255
162256 $ requestnew Request ();
163- $ listeneronKernelRequest (new RequestEvent ($ kernel$ requestMASTER_REQUEST ));
257+ $ listeneronKernelRequest (new RequestEvent ($ kernel$ requestMAIN_REQUEST ));
164258
165259 $ responsenew Response ();
166- $ listeneronKernelResponse (new ResponseEvent ($ kernelnew Request (), HttpKernelInterface::MASTER_REQUEST , $ response
260+ $ listeneronKernelResponse (new ResponseEvent ($ kernelnew Request (), HttpKernelInterface::MAIN_REQUEST , $ response
167261
168262 $ cookies$ responseheaders ->getCookies ();
169263 $ this assertSame ('PHPSESSID ' , $ cookies0 ]->getName ());
0 commit comments