/** * Function to test the function logOutFromALLDevices */ public function testLogOutFromAllDevices() { UserManagement::createUser("owasp1", "owasp", "*****@*****.**"); //create a user. User::activateAccount("owasp1"); $obj1 = UserManagement::logIn("owasp1", "owasp"); $obj2 = UserManagement::logIn("owasp1", "owasp"); //log in the same user from different device. $obj3 = UserManagement::logIn("owasp1", "owasp"); //log in the same user from different device. //set session variables to imitate real cookies. $randomValue = randstr(32); SQL("INSERT INTO `SESSION` (`SESSION_ID`, `DATE_CREATED`, `LAST_ACTIVITY`, `USERID`) VALUES (?, ?, ?, ?)", array($randomValue, time(), time(), $obj3->getUserID())); SQL("INSERT INTO `SESSION` (`SESSION_ID`, `DATE_CREATED`, `LAST_ACTIVITY`, `USERID`) VALUES (?, ?, ?, ?)", array(randstr(32), time(), time(), $obj3->getUserID())); SQL("INSERT INTO `SESSION` (`SESSION_ID`, `DATE_CREATED`, `LAST_ACTIVITY`, `USERID`) VALUES (?, ?, ?, ?)", array(randstr(32), time(), time(), $obj3->getUserID())); $_COOKIE['sessionid'] = $randomValue; UserManagement::logOutFromAllDevices($obj1->getUserID()); //This will delete all the sessions from the DB $result = SQL("SELECT * FROM SESSION"); $Test = count($result) == 0; UserManagement::deleteUser("owasp1"); //delete the newly created users. $this->assertTrue($Test); }