8000 bug #44752 [Security/Http] Fix cookie clearing on logout (maxhelias) · symfony/symfony@d3eeb83 · GitHub

Commit d3eeb83

committed
bug #44752 [Security/Http] Fix cookie clearing on logout (maxhelias)
This PR was merged into the 5.3 branch. Discussion ---------- [Security/Http] Fix cookie clearing on logout | Q | A | ------------- | --- | Branch? | 5.4 | Bug fix? | yes | New feature? | no | Deprecations? | no | Tickets | - | License | MIT | Doc PR | - I think this was forgotten or a merge issue when the component was refactored : - Original PR : #36252 - PR that added this file : #36243 (comment) Commits ------- d1aa32a [Security/Http] Fix cookie clearing on logout
2 parents 4d4d706 + d1aa32a commit d3eeb83


2 files changed

+57
-1
lines changed


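--- a/src/Symfony/Component/Security/Http/EventListener/CookieClearingLogoutListener.php
+++ b/src/Symfony/Component/Security/Http/EventListener/CookieClearingLogoutListener.php
@@ -40,7 +40,7 @@ public function onLogout(LogoutEvent $event): void
 }
 
 foreach ($this->cookies as $cookieName => $cookieData) {
-$response->headers->clearCookie($cookieName, $cookieData['path'], $cookieData['domain']);
+$response->headers->clearCookie($cookieName, $cookieData['path'], $cookieData['domain'], $cookieData['secure'] ?? false, true, $cookieData['samesite'] ?? null);
 }
 }
 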
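Review bot: The new `clearCookie()` call passes a bare positional `true` for httpOnly and falls back to `secure = false` / `samesite = null` when those keys are absent, and nothing on the line says why the attributes have to match the cookie being removed. Browsers reject a Set-Cookie for a `__Secure-`/`__Host-` name, or one carrying `SameSite=None`, unless it also carries `Secure`, so a logout entry configured without `secure` could leave such a cookie in place after logout. I would add a comment above the call, e.g. `// Mirror the attributes the cookie was set with; a clearing header without Secure is rejected for __Secure-/__Host- cookies.` The `path` and `domain` keys are still read without `??`, so presumably the configuration guarantees them; that is worth confirming, since onLogout() starts outside the hunk.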

Lines changed: 56 additions & 0 deletions
@@ -0,0 +1,56 @@
1+
<?php
2+
3+
/*
4+
* This file is part of the Symfony package.
5+
*
6+
* (c) Fabien Potencier <fabien@symfony.com>
7+
*
8+
* For the full copyright and license information, please view the LICENSE
9+
* file that was distributed with this source code.
10+
*/
11+
12+
namespace Symfony\Component\Security\Http\Tests\EventListener;
13+
14+
use PHPUnit\Framework\TestCase;
15+
use Symfony\Component\HttpFoundation\Cookie;
16+
use Symfony\Component\HttpFoundation\Request;
17+
use Symfony\Component\HttpFoundation\Response;
18+
use Symfony\Component\HttpFoundation\ResponseHeaderBag;
19+
use Symfony\Component\Security\Http\Event\LogoutEvent;
20+
use Symfony\Component\Security\Http\EventListener\CookieClearingLogoutListener;
21+
22+
class CookieClearingLogoutListenerTest extends TestCase
23+
{
24+
public function testLogout()
25+
{
26+
$response = new Response();
27+
$event = new LogoutEvent(new Request(), null);
28+
$event->setResponse($response);
29+
30+
$listener = new CookieClearingLogoutListener(['foo' => ['path' => '/foo', 'domain' => 'foo.foo', 'secure' => true, 'samesite' => Cookie::SAMESITE_STRICT], 'foo2' => ['path' => null, 'domain' => null]]);
31+
32+
$cookies = $response->headers->getCookies();
33+
$this->assertCount(0, $cookies);
34+
35+
$listener->onLogout($event);
36+
37+
$cookies = $response->headers->getCookies(ResponseHeaderBag::COOKIES_ARRAY);
38+
$this->assertCount(2, $cookies);
39+
40+
$cookie = $cookies['foo.foo']['/foo']['foo'];
41+
$this->assertEquals('foo', $cookie->getName());
42+
$this->assertEquals('/foo', $cookie->getPath());
43+
$this->assertEquals('foo.foo', $cookie->getDomain());
44+
$this->assertEquals(Cookie::SAMESITE_STRICT, $cookie->getSameSite());
45+
$this->assertTrue($cookie->isSecure());
46+
$this->assertTrue($cookie->isCleared());
47+
48+
$cookie = $cookies['']['/']['foo2'];
49+
$this->assertStringStartsWith('foo2', $cookie->getName());
50+
$this->assertEquals('/', $cookie->getPath());
51+
$this->assertNull($cookie->getDomain());
52+
$this->assertNull($cookie->getSameSite());
53+
$this->assertFalse($cookie->isSecure());
54+
$this->assertTrue($cookie->isCleared());
55+
}
56+
}
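Review bot: testLogout never asserts the httpOnly flag, so the literal `true` the listener now passes to clearCookie() is not pinned by this test; adding `$this->assertTrue($cookie->isHttpOnly());` to both cookie blocks would cover it. The `foo2` name check uses `assertStringStartsWith('foo2', ...)` where the `foo` block compares exactly, so it would also pass for a differently named cookie; `$this->assertSame('foo2', $cookie->getName());` is stricter. A third entry with `samesite` set but `secure` omitted would document what the `?? false` default produces on the wire.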
