/**
 * A posted CSRF token must be rejected once the session that issued it
 * has been cleared.
 *
 * Flow: issue a token, copy it into the simulated form body, wipe the
 * session variables, then run the CSRF check again and expect
 * NeechyCsrfError.
 *
 * Security relevance: after session_unset() there is no server-side token
 * left to compare against, so the check has to fail closed. It must not
 * treat "no stored token" as a match or as "nothing to verify".
 */
public function testThatExpiredCSRFSessionRaisesError()
{
    // First pass: nothing has been posted yet, so (per the original author's
    // note) this call only creates the token and does not authenticate.
    NeechySecurity::prevent_csrf();

    // Simulate a form that was rendered with the valid, freshly issued token.
    $issuedToken = $_SESSION['csrf_token'];
    $_POST['csrf_token'] = $issuedToken;

    // Simulate the session expiring before the form is submitted.
    session_unset();

    // Simulate the form post: the token is now orphaned and must be refused.
    $this->setExpectedException('NeechyCsrfError');
    NeechySecurity::prevent_csrf();
}
/**
 * Handle one request from start to finish: start the session, run the CSRF
 * check, load the request, validate the environment, dispatch to a handler,
 * then send the response.
 *
 * Any NeechyError raised along the way is turned into an error response by
 * ErrorHandler. Other exception types are not caught here and propagate to
 * the caller.
 */
public function serve()
{
    try {
        // The CSRF check runs before the request is loaded or a handler is
        // chosen, so a request that fails it never reaches handler code.
        NeechySecurity::start_session();
        NeechySecurity::prevent_csrf();

        $this->request = NeechyRequest::load();
        $this->validate_environment();
        $reply = $this->load_handler()->handle();
    } catch (NeechyError $failure) {
        // NOTE(review): if start_session() or prevent_csrf() threw, this
        // method has not yet assigned $this->request. Confirm ErrorHandler
        // copes with whatever value the property holds at that point.
        // NOTE(review): presumably CSRF failures are NeechyError subclasses
        // and so end up here. Verify this against the exception hierarchy.
        $errorHandler = new ErrorHandler($this->request);
        $reply = $errorHandler->handle_error($failure);
    }

    // Both the success and the error path finish by emitting the response.
    $reply->send_headers();
    $reply->render();
}