reworked deleting already deleted session test case

ibexa · Jun 4, 2024 · 292d7dc · 292d7dc
1 parent 363f36d
commit 292d7dc
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 5 deletions.
diff --git a/src/lib/Server/Controller/SessionController.php b/src/lib/Server/Controller/SessionController.php
@@ -114,7 +114,7 @@ public function refreshSessionAction($sessionId, Request $request)
 
         $session = $request->getSession();
 
-        if ($session === null || !$session->isStarted() || $session->getId() != $sessionId || !$this->hasStoredCsrfToken()) {
+        if ($session === null || !$session->isStarted() || $session->getId() !== $sessionId || !$this->hasStoredCsrfToken()) {
             return $this->logout($request);
         }
 

diff --git a/tests/bundle/Functional/SessionTest.php b/tests/bundle/Functional/SessionTest.php
@@ -142,14 +142,17 @@ public function testLoginWithExistingFrontendSession(): void
     public function testDeleteSessionExpired(): void
     {
         $session = $this->login();
+        $deleteSessionRequest = $this->createDeleteRequest($session);
 
-        $this->sendHttpRequest($this->createDeleteRequest($session));
+        $response = $this->sendHttpRequest($deleteSessionRequest);
 
-        //triggered again to make sure deleting already deleted session is not possible
-        $response = $this->sendHttpRequest($this->createDeleteRequest($session));
+        self::assertHttpResponseCodeEquals($response, 204);
+        self::assertHttpResponseDeletesSessionCookie($session, $response);
+
+        //triggered again to make sure deleting already deleted session results in 404
+        $response = $this->sendHttpRequest($deleteSessionRequest);
 
         self::assertHttpResponseCodeEquals($response, 404);
-        self::assertHttpResponseDeletesSessionCookie($session, $response);
     }
 
     protected function createRefreshRequest(stdClass $session): RequestInterface