1 | #!/usr/bin/perl |
2 | |
3 | use strict; |
4 | use warnings; |
5 | |
6 | use Test::More; |
7 | use Data::Dumper; |
8 | |
BEGIN {
    # Both optional prerequisites are probed at compile time. If either one is
    # missing or too old, the whole file is skipped rather than failed.
    my $have_state_cookie = eval {
        require Catalyst::Plugin::Session::State::Cookie;
        Catalyst::Plugin::Session::State::Cookie->VERSION(0.03);
    };
    plan skip_all =>
        "Catalyst::Plugin::Session::State::Cookie 0.03 or higher is required for this test"
        unless $have_state_cookie;

    my $have_mechanize = eval {
        require Test::WWW::Mechanize::Catalyst;
        Test::WWW::Mechanize::Catalyst->VERSION(0.51);
    };
    plan skip_all =>
        'Test::WWW::Mechanize::Catalyst >= 0.51 is required for this test'
        unless $have_mechanize;

    # Fixed plan: the script below makes exactly ten assertions.
    plan tests => 10;
}
23 | |
24 | use lib "t/lib"; |
25 | use Test::WWW::Mechanize::Catalyst "SessionTestApp"; |
26 | |
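# Session-fixation check: present a session cookie value that the application
# never issued. The login response must set a cookie of its own and must not
# hand the presented value back.
my $injected_cookie = "sessiontestapp_session=89c3a019866af6f5a305e10189fbb23df3f4772c";

my $ua1 = Test::WWW::Mechanize::Catalyst->new;
$ua1->add_header('Cookie' => $injected_cookie);

my $res = $ua1->get( "http://localhost/login" );
my $cookie1 = $res->header('Set-Cookie');

ok $cookie1, "Set-Cookie 1";
# unlike() matches the pattern against the header value. isnt() would compare
# the header with the stringified qr// object, which is never equal, so the
# assertion would pass even if the injected id were echoed back.
# \Q...\E keeps the cookie text literal inside the pattern.
unlike $cookie1, qr/\Q$injected_cookie\E/, "Logging in generates us a new cookie";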
38 | |
# Keep the body of /get_sessid from before the rotation; it is compared with
# the post-rotation value further down.
$ua1->get('http://localhost/get_sessid');
my $sid1 = $ua1->content();

# Store var1 while the original session id is still in use, then read it back.
$ua1->get('http://localhost/set_session_variable/var1/set_before_change');
$ua1->get('http://localhost/get_session_variable/var1');
$ua1->content_is('VAR_var1=set_before_change');

# Diagnostic only: the dump is fetched but printing stays commented out.
$ua1->get('http://localhost/dump_session');
#diag "Before-change:".$ua1->content;
50 | |
# Rotate the session id. Expectation: the session data is kept and the old
# session id is invalidated.
my $res2    = $ua1->get('http://localhost/change_sessid');
my $cookie2 = $res2->header('Set-Cookie');

ok($cookie2, 'Set-Cookie 2');
# NOTE(review): this compares whole Set-Cookie header values. If the header
# carries attributes that vary between responses, the values could differ
# without the id changing; the SID comparison below is the stricter check.
isnt($cookie2, $cookie1, 'Cookie changed');

$ua1->get('http://localhost/get_sessid');
my $sid2 = $ua1->content();
isnt($sid2, $sid1, 'SID changed');

# Diagnostic only: the dump is fetched but printing stays commented out.
$ua1->get('http://localhost/dump_session');
#diag "After-change:".$ua1->content;
65 | |
# Write var2 under the rotated session id.
$ua1->get('http://localhost/set_session_variable/var2/set_after_change');

# Both values must be readable through the rotated session: var1 was stored
# before the id change, var2 after it.
$ua1->get('http://localhost/get_session_variable/var1');
$ua1->content_is('VAR_var1=set_before_change');
$ua1->get('http://localhost/get_session_variable/var2');
$ua1->content_is('VAR_var2=set_after_change');

# Diagnostic only: the dump is fetched but printing stays commented out.
$ua1->get('http://localhost/dump_session');
#diag "End1:".$ua1->content;
78 | |
# Replay the cookie issued before the session id change from a fresh client.
my $ua2 = Test::WWW::Mechanize::Catalyst->new();
$ua2->add_header('Cookie' => $cookie1);

# The pre-rotation cookie must not give access to any of the session data.
# NOTE(review): $cookie1 is the full Set-Cookie header value. These checks
# prove invalidation only if the application actually reads the old session
# id from it. A request with no recognised session would presumably also
# return "n.a." -- confirm against SessionTestApp.
$ua2->get('http://localhost/get_session_variable/var1');
$ua2->content_is('VAR_var1=n.a.');
$ua2->get('http://localhost/get_session_variable/var2');
$ua2->content_is('VAR_var2=n.a.');

# Diagnostic only: the dump is fetched but printing stays commented out.
$ua2->get('http://localhost/dump_session');
#diag "End2:".$ua2->content;