Revision history for Perl extension Catalyst::Plugin::Session
- - Add a test case to prove that logging in with a session cookie still causes
- a new cookie to be issued for you, proving that the code is not vulnerable
- to a session fixation attack.
+ - Add the verify_user_agent config parameter (kmx)
+ - Add a test case to prove that logging in with a session cookie still
+ causes a new cookie to be issued for you, proving that the code is
+ not vulnerable to a session fixation attack. (t0m)
0.22 2009-05-13
- INSANE HACK to ensure B::Hooks::EndOfScope inlines us a new method right now
+++ /dev/null
-#!/usr/bin/perl
-
-use strict;
-use warnings;
-
-use Test::More;
-
-BEGIN {
- eval { require Catalyst::Plugin::Session::State::Cookie; Catalyst::Plugin::Session::State::Cookie->VERSION(0.03) }
- or plan skip_all =>
- "Catalyst::Plugin::Session::State::Cookie 0.03 or higher is required for this test";
-
- eval { require Test::WWW::Mechanize::Catalyst }
- or plan skip_all =>
- "Test::WWW::Mechanize::Catalyst is required for this test";
-
- plan tests => 12;
-}
-
-use lib "t/lib";
-use Test::WWW::Mechanize::Catalyst "SessionTestApp";
-
-my $ua = Test::WWW::Mechanize::Catalyst->new( { agent => 'Initial user_agent'} );
-$ua->get_ok( "http://localhost/user_agent", "get initial user_agent" );
-$ua->content_contains( "UA=Initial user_agent", "test initial user_agent" );
-
-$ua->get_ok( "http://localhost/page", "initial get main page" );
-$ua->content_contains( "please login", "ua not logged in" );
-
-$ua->get_ok( "http://localhost/login", "log ua in" );
-$ua->content_contains( "logged in", "ua logged in" );
-
-$ua->get_ok( "http://localhost/page", "get main page" );
-$ua->content_contains( "you are logged in", "ua logged in" );
-
-$ua->agent('Changed user_agent');
-$ua->get_ok( "http://localhost/user_agent", "get changed user_agent" );
-$ua->content_contains( "UA=Changed user_agent", "test changed user_agent" );
-
-$ua->get_ok( "http://localhost/page", "test deleted session" );
-$ua->content_contains( "please login", "ua not logged in" );