SessionManager: remove unused UID token

There already are dedicated tokens for: - CSRF protection - user stay-signed-in feature, via cookie This token was most likely intended as a randomly generated, server-side, secret key to be used when generating hashes. See http://sebsauvage.net/wiki/doku.php?id=php:session [FR] Relevant section: Une clé secrète unique aléatoire est générée côté serveur (et jamais envoyée). Elle peut servir pour signer les formulaires (HMAC) ou générer des token de formulaires (protection contre XSRF). Voir $_SESSION['uid']. Translation: A unique, server-side secret key is randomly generated (and never transmitted). It can be used to sign forms (HMAC) or generate form tokens (protection against XSRF). See $_SESSION['uid'] Signed-off-by: VirtualTam <virtualtam@flibidi.net>
author: VirtualTam <virtualtam@flibidi.net> 2018-05-10 13:07:51 +0200
committer: VirtualTam <virtualtam@flibidi.net> 2018-06-02 16:46:06 +0200
commit: ebf615173824a46de82fa97a165bcfd883db15ce (patch)
tree: 26374298b3c7f2009ef939c5d5e3d787938581be /tests/security/SessionManagerTest.php
parent: c689e108639a4f6aa9e15928422e14db7cbe30ca (diff)
download: Shaarli-ebf615173824a46de82fa97a165bcfd883db15ce.tar.gz
Shaarli-ebf615173824a46de82fa97a165bcfd883db15ce.tar.zst
Shaarli-ebf615173824a46de82fa97a165bcfd883db15ce.zip
1 files changed, 0 insertions, 13 deletions
diff --git a/tests/security/SessionManagerTest.php b/tests/security/SessionManagerTest.php
index e1c72707..ae10ffa6 100644
--- a/tests/security/SessionManagerTest.php
+++ b/tests/security/SessionManagerTest.php
@@ -164,7 +164,6 @@ class SessionManagerTest extends TestCase
    {
        $this->sessionManager->storeLoginInfo('ip_id');
-        $this->assertTrue(isset($this->session['uid']));
        $this->assertGreaterThan(time(), $this->session['expires_on']);
        $this->assertEquals('ip_id', $this->session['ip']);
        $this->assertEquals('johndoe', $this->session['username']);
@@ -209,7 +208,6 @@ class SessionManagerTest extends TestCase
    public function testLogout()
    {
        $this->session = [
-            'uid' => 'some-uid',
            'ip' => 'ip_id',
            'expires_on' => time() + 1000,
            'username' => 'johndoe',
@@ -218,7 +216,6 @@ class SessionManagerTest extends TestCase
        ];
        $this->sessionManager->logout();
-        $this->assertFalse(isset($this->session['uid']));
        $this->assertFalse(isset($this->session['ip']));
        $this->assertFalse(isset($this->session['expires_on']));
        $this->assertFalse(isset($this->session['username']));
@@ -227,19 +224,10 @@ class SessionManagerTest extends TestCase
    }
    /**
-     * The session is considered as expired because the UID is missing
-     */
-    public function testHasExpiredNoUid()
-    {
-        $this->assertTrue($this->sessionManager->hasSessionExpired());
-    }
-    /**
     * The session is active and expiration time has been reached
     */
    public function testHasExpiredTimeElapsed()
    {
-        $this->session['uid'] = 'some-uid';
        $this->session['expires_on'] = time() - 10;
        $this->assertTrue($this->sessionManager->hasSessionExpired());
@@ -250,7 +238,6 @@ class SessionManagerTest extends TestCase
     */
    public function testHasNotExpired()
    {
-        $this->session['uid'] = 'some-uid';
        $this->session['expires_on'] = time() + 1000;
        $this->assertFalse($this->sessionManager->hasSessionExpired());
author	VirtualTam <virtualtam@flibidi.net>	2018-05-10 13:07:51 +0200
committer	VirtualTam <virtualtam@flibidi.net>	2018-06-02 16:46:06 +0200
commit	ebf615173824a46de82fa97a165bcfd883db15ce (patch)
tree	26374298b3c7f2009ef939c5d5e3d787938581be /tests/security/SessionManagerTest.php
parent	c689e108639a4f6aa9e15928422e14db7cbe30ca (diff)
download	Shaarli-ebf615173824a46de82fa97a165bcfd883db15ce.tar.gz Shaarli-ebf615173824a46de82fa97a165bcfd883db15ce.tar.zst Shaarli-ebf615173824a46de82fa97a165bcfd883db15ce.zip