assert_equal(true, $krumb["secure"]); assert_equal(true, $krumb["httponly"]); }); it("sets the secret key", function ($args) { $cookie = $args[0]; assert_equal("819b03089487407e44177a2bbec6ee270cfc2964785558d63b489e4cf4d3c9dfefe27b2fc188d4beb96471e1d5c68478dfbbbab43df51cef3e7450236d38d746", $cookie->secret); }); it("returns values stored in session for a new request", function ($args) { $cookie = $args[0]; $cookie->set("name", "fernyb"); $cookie->set("age", "24"); $cookie->set("id", "100"); $cookie->save(); $session_data = $cookie->session_data; $new_request = new CookieStore(); $new_request->initialize(array("session_key" => $cookie->key, "secret" => $cookie->secret)); $new_request->load_session($session_data); assert_equal("fernyb", $new_request->params["name"]); assert_equal("24", $new_request->params["age"]); assert_equal("100", $new_request->params["id"]); }); it("does not load the session when its tampered", function ($a) { $cookie = $a[0]; $cookie->set("name", "fernyb"); $cookie->set("id", "100"); $cookie->save(); $session_data = $cookie->session_data; list($data, $signature) = explode("--", $session_data, 2); $new_data = base64_decode($data); $new_data = unserialize($new_data); # make changes to the data