symfony: [Session][Test] Configured cookie domain is not set

I’m having troubles doing functional testing with multiple domains. It’s a bit tricky, but I’ll try to explain:

BrowserKit puts cookies in a CookieJar, in a domain[path][cookie] hierarchy. The values for these 3 keys are obtained from Cookie objects, which is created by the TestSessionListener.

Herein lies the problem: the cookie params are obtained via session_get_cookie_params, which uses the php-ini cookie values. Normally these are properly set in the NativeSessionStorage, not so much in the MockArraySessionStorage. This in turn leads to all sorts of problems when testing features that require cookies on a subdomain, for example when you have a “my.domain.org” subdomain.

/cc @drak I believe you are the session-expert for Symfony 😉, do you have any ideas about this?

About this issue

  • Original URL
  • State: closed
  • Created 10 years ago
  • Comments: 16 (9 by maintainers)

Most upvoted comments

@drak I think the mock version of the storage should also use the cookie_* options of the session to build its mocked storage. Otherwise, we will indeed face issue when needing to set the session cookie for a less specific domain

+1
stof on Oct 4, 2014

I’m using the standard test configuration, mostly:

(this is not the complete config, obviously, only the relevant parts)

# app/config/config.yml
framework:
  session:
    cookie_domain: .domain.org

# app/config/config.yml
framework:
  test: ~
  session:
    storage_id: session.storage.mock_file

# app/config/security.yml
security:
  firewalls:
    main:
      host: (.*\.)?domain.org
      form_login: ~
      remember_me:
        domain: .domain.org

What I’m trying to do, via Behat/Mink is testing a simple login process:

  Scenario: Log in with email and password
    # http://domain.org/
    Given I am on the home page
    # http://my.domain.org/login/
    And I follow "Login"
    When I fill in the following:
      | Email | foo@bar.com |
      | Password | 1234 |
    And I press "Login"
    # http://domain.org/
    Then I should be on the home page
    # fails: not logged in
    And I should see "Logout"

While debugging, I see that the cookiejar has cookies for 3 domains:

domain.org
.domain.org # this is the remember-me cookie
my.domain.org

Since session_get_cookie_params() is used in the TestSessionListener, and the params are not set, the domain is used from the current request. This explains the 3 domains. When I test in a browser this is only the .domain.org domain, and it works properly. The test passes if I manually set cookie_domain to .domain.org right before session_get_cookie_params() is used.

Hopefully this explains it better, normally I’d write a clean test case which demonstrates this but this is not quite easy to set up, I’ll need some time to do so.

+1
pkruithof on Oct 2, 2014
Read more comments on GitHub
← symfony: [Session][Test] Cannot set session ID after the session has started.
symfony: SF4 Deployment to Prod "Script cache:clear returned with error code 255" →