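/**
 * Checks that UserManagement::logOut() invalidates the session of the device
 * that logs out, and only that device.
 *
 * The same account is logged in three times to imitate three devices. A
 * SESSION row is inserted by hand for the third login and its ID is placed in
 * $_COOKIE['SESSIONID'] to imitate the browser cookie. After logOut($obj3):
 *   - $obj2 must still report a user ID (the other device is unaffected);
 *   - the SESSION table must hold no rows (the session was removed from the
 *     DB, not merely forgotten by the client).
 *
 * NOTE(review): the second check counts every row in SESSION, so it assumes
 * the table is empty before the test and that logIn() itself inserts no rows
 * - confirm against the fixture setup.
 */
public function testLogOut()
{
    // Remember the caller's cookie state so this test does not leak a fake
    // session ID into tests that run after it.
    $hadCookie = array_key_exists('SESSIONID', $_COOKIE);
    $previousCookie = $hadCookie ? $_COOKIE['SESSIONID'] : null;

    $sessionId = null;
    $firstTest = false;
    $secondTest = false;
    $failure = null;

    UserManagement::createUser("owasp1", "owasp", "*****@*****.**"); //create a user.

    // Exceptions are captured rather than left to propagate so that the
    // cleanup below always runs; the exception is re-thrown afterwards.
    try {
        User::activateAccount("owasp1");

        UserManagement::logIn("owasp1", "owasp");
        $obj2 = UserManagement::logIn("owasp1", "owasp"); //log in the same user from different device.
        $obj3 = UserManagement::logIn("owasp1", "owasp"); //log in the same user from different device.

        //set session variables to imitate real cookies.
        $sessionId = randstr(32);
        SQL(
            "INSERT INTO `SESSION` (`SESSION_ID`, `DATE_CREATED`, `LAST_ACTIVITY`, `USERID`) VALUES (?, ?, ?, ?)",
            array($sessionId, time(), time(), $obj3->getUserID())
        );
        $_COOKIE['SESSIONID'] = $sessionId;

        UserManagement::logOut($obj3); //log-out the user from this device. This should delete the session from the DB

        $firstTest = $obj2->getUserID() != NULL; //since this object is "not" logged out, this would still work

        $result = SQL("SELECT * FROM SESSION");
        $secondTest = count($result) == 0;
    } catch (Exception $e) {
        $failure = $e;
    }

    // Cleanup: restore the cookie, drop the hand-made session row in case
    // logOut() did not remove it, and delete the newly created user.
    if ($hadCookie) {
        $_COOKIE['SESSIONID'] = $previousCookie;
    } else {
        unset($_COOKIE['SESSIONID']);
    }
    if ($sessionId !== null) {
        SQL("DELETE FROM `SESSION` WHERE `SESSION_ID` = ?", array($sessionId));
    }
    UserManagement::deleteUser("owasp1");

    if ($failure !== null) {
        throw $failure;
    }

    // Asserted separately so a failure names the property that broke.
    $this->assertTrue($firstTest, "Logging out one device must not invalidate the user's other logins.");
    $this->assertTrue($secondTest, "logOut() must delete the session row from the database.");
}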