You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Normally, i.e. in production mode, real HTTP clients need to include the session cookie into their request such that an API backend written in Laravel can recognize the session. During unit testing this does not seem to be necessary. Subsequent requests inside the same test method magically share the same session even if the session cookie is not passed around explicitly.
I assume this is fine for most test cases because it allows to write test code like this
classMyTestextendsTestCase {
publictestSomething(): void {
$this->postJson('api/login', ['user' => 'john', 'password' => 'my-secret']);
// The following requests all share the same session with the first request// and hence are authenticated for "john" without explicitly passing the// session cookie which helps avoiding boiler-plate code$this->postJson('api/doFoo', [/* parameters for foo */]);
$this->postJson('api/doBar', [/* parameters for bar */]);
$this->postJson('api/logout');
}
}
Even more astonishing: Even though the middleware StartSession generates different session IDs for each request and hence every request uses a different session from a technical view point, all these different sessions end up to somehow "inherit" the attribute-value pairs of the previous session.
However, this "auto-magical" behavior is prohibitive if one wants to implement security-related tests which are supposed to ensure that certain things do not accidentally leak between different sessions.
In this case one needs to be able to explicitly pass the session and also use different sessions within the same test method.
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
-
Normally, i.e. in production mode, real HTTP clients need to include the session cookie into their request such that an API backend written in Laravel can recognize the session. During unit testing this does not seem to be necessary. Subsequent requests inside the same test method magically share the same session even if the session cookie is not passed around explicitly.
I assume this is fine for most test cases because it allows to write test code like this
Even more astonishing: Even though the middleware
StartSession
generates different session IDs for each request and hence every request uses a different session from a technical view point, all these different sessions end up to somehow "inherit" the attribute-value pairs of the previous session.However, this "auto-magical" behavior is prohibitive if one wants to implement security-related tests which are supposed to ensure that certain things do not accidentally leak between different sessions.
In this case one needs to be able to explicitly pass the session and also use different sessions within the same test method.
How do I do that?
Beta Was this translation helpful? Give feedback.
All reactions