/**
* Initialize the session.
*
* This is something you might want to override in your controller so you can
* redirect to a page with a message about being logged out after detecting the session has expired.
*
* @var int $session_expiration Session Expiration in seconds
*/
protected function initializeSession($session_expiration = null)
{
/**
* Setup the session with cookie expiration of one week. This will
* allow the session to persist even if the browser window is closed.
* The session expiration will still be respected (default 1 hour).
*/
$this->session = new Session(new \Symfony\Component\HttpFoundation\Session\Storage\NativeSessionStorage(['cookie_lifetime' => 604800]));
$this->config->load('config');
// Should session cookie be http only? Default true to reduce XSS attack vector.
$session_cookie_httponly = (bool) $this->config->get('session_cookie_httponly', true);
ini_set('session.cookie_httponly', $session_cookie_httponly);
// We need a unique session name for this app. Let's use last 10 characters the file path's sha1 hash.
try {
$this->session->setName('TSAPP' . substr(sha1(__FILE__), -10));
$this->session->start();
// Default session expiration 1 hour.
// Can be overridden in method param or by setting session_expiration in config.php
$session_expiration = !empty($session_expiration) ? $session_expiration : $this->config->get('session_expiration', 3600);
// Is this session too old?
if (time() - $this->session->getMetadataBag()->getLastUsed() > $session_expiration) {
$this->session->invalidate();
}
} catch (\LogicException $e) {
// Session already active, can't change it now!
}
}
public function testGetScriptUrlShouldReturnConfigItem()
{
$_SERVER['SERVER_NAME'] = 'localhost';
$config = new Config($this->getAppDir());
$this->assertContains('http://test.server.name/werx/phpunit', $config->getScriptUrl());
}
