Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

Appearance settings

Commit d3eeb83

Browse filesBrowse files
committed
bug #44752 [Security/Http] Fix cookie clearing on logout (maxhelias)
This PR was merged into the 5.3 branch. Discussion ---------- [Security/Http] Fix cookie clearing on logout | Q | A | ------------- | --- | Branch? | 5.4 | Bug fix? | yes | New feature? | no | Deprecations? | no | Tickets | - | License | MIT | Doc PR | - I think this was forgotten or a merge issue when the component was refactored : - Original PR : #36252 - PR that added this file : #36243 (comment) Commits ------- d1aa32a [Security/Http] Fix cookie clearing on logout
2 parents 4d4d706 + d1aa32a commit d3eeb83
Copy full SHA for d3eeb83

File tree

2 files changed

+57
-1
lines changed
Filter options

2 files changed

+57
-1
lines changed

‎src/Symfony/Component/Security/Http/EventListener/CookieClearingLogoutListener.php

Copy file name to clipboardExpand all lines: src/Symfony/Component/Security/Http/EventListener/CookieClearingLogoutListener.php
+1-1Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -40,7 +40,7 @@ public function onLogout(LogoutEvent $event): void
4040
}
4141

4242
foreach ($this->cookies as $cookieName => $cookieData) {
43-
$response->headers->clearCookie($cookieName, $cookieData['path'], $cookieData['domain']);
43+
$response->headers->clearCookie($cookieName, $cookieData['path'], $cookieData['domain'], $cookieData['secure'] ?? false, true, $cookieData['samesite'] ?? null);
4444
}
4545
}
4646

+56Lines changed: 56 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,56 @@
1+
<?php
2+
3+
/*
4+
* This file is part of the Symfony package.
5+
*
6+
* (c) Fabien Potencier <fabien@symfony.com>
7+
*
8+
* For the full copyright and license information, please view the LICENSE
9+
* file that was distributed with this source code.
10+
*/
11+
12+
namespace Symfony\Component\Security\Http\Tests\EventListener;
13+
14+
use PHPUnit\Framework\TestCase;
15+
use Symfony\Component\HttpFoundation\Cookie;
16+
use Symfony\Component\HttpFoundation\Request;
17+
use Symfony\Component\HttpFoundation\Response;
18+
use Symfony\Component\HttpFoundation\ResponseHeaderBag;
19+
use Symfony\Component\Security\Http\Event\LogoutEvent;
20+
use Symfony\Component\Security\Http\EventListener\CookieClearingLogoutListener;
21+
22+
class CookieClearingLogoutListenerTest extends TestCase
23+
{
24+
public function testLogout()
25+
{
26+
$response = new Response();
27+
$event = new LogoutEvent(new Request(), null);
28+
$event->setResponse($response);
29+
30+
$listener = new CookieClearingLogoutListener(['foo' => ['path' => '/foo', 'domain' => 'foo.foo', 'secure' => true, 'samesite' => Cookie::SAMESITE_STRICT], 'foo2' => ['path' => null, 'domain' => null]]);
31+
32+
$cookies = $response->headers->getCookies();
33+
$this->assertCount(0, $cookies);
34+
35+
$listener->onLogout($event);
36+
37+
$cookies = $response->headers->getCookies(ResponseHeaderBag::COOKIES_ARRAY);
38+
$this->assertCount(2, $cookies);
39+
40+
$cookie = $cookies['foo.foo']['/foo']['foo'];
41+
$this->assertEquals('foo', $cookie->getName());
42+
$this->assertEquals('/foo', $cookie->getPath());
43+
$this->assertEquals('foo.foo', $cookie->getDomain());
44+
$this->assertEquals(Cookie::SAMESITE_STRICT, $cookie->getSameSite());
45+
$this->assertTrue($cookie->isSecure());
46+
$this->assertTrue($cookie->isCleared());
47+
48+
$cookie = $cookies['']['/']['foo2'];
49+
$this->assertStringStartsWith('foo2', $cookie->getName());
50+
$this->assertEquals('/', $cookie->getPath());
51+
$this->assertNull($cookie->getDomain());
52+
$this->assertNull($cookie->getSameSite());
53+
$this->assertFalse($cookie->isSecure());
54+
$this->assertTrue($cookie->isCleared());
55+
}
56+
}

0 commit comments

Comments
0 (0)
Morty Proxy This is a proxified and sanitized view of the page, visit original site.