added proper session clearing on logout
konradoboza committed Jun 6, 2024
1 parent bd7543a commit 89c306e
Showing 2 changed files with 8 additions and 10 deletions.
14 changes: 7 additions & 7 deletions src/lib/Server/Controller/SessionController.php
Expand Up @@ -98,13 +98,12 @@ public function checkSessionAction(Request $request)
*
* @deprecated 4.6.7 The "SessionController::refreshSessionAction()" method is deprecated, will be removed in the next API version. Use SessionController::checkSessionAction() instead.
*
* @param string $sessionId
*
* @throws \Ibexa\Contracts\Rest\Exceptions\NotFoundException
*
* @return \Ibexa\Rest\Server\Values\UserSession|\Symfony\Component\HttpFoundation\Response
*
* @throws \Ibexa\Core\Base\Exceptions\UnauthorizedException
* @throws \Ibexa\Contracts\Core\Repository\Exceptions\NotFoundException
*/
public function refreshSessionAction($sessionId, Request $request)
public function refreshSessionAction(string $sessionId, Request $request)
{
trigger_deprecation(
'ibexa/rest',
Expand Down Expand Up @@ -135,7 +134,6 @@ public function refreshSessionAction($sessionId, Request $request)
/**
* @return \Ibexa\Rest\Server\Values\DeletedUserSession|\Symfony\Component\HttpFoundation\Response
*
* @throws \Ibexa\Contracts\Rest\Exceptions\NotFoundException
* @throws \Ibexa\Core\Base\Exceptions\UnauthorizedException
*/
public function deleteSessionAction(string $sessionId, Request $request)
Expand Down Expand Up @@ -207,14 +205,16 @@ private function logout(Request $request): Response
}

$response = new Response();
$requestSession = $request->getSession();

$response->headers->clearCookie(
$request->getSession()->getName(),
$requestSession->getName(),
$path,
$domain
);

$response->setStatusCode(404);
$requestSession->clear();

return $response;
}
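Review bot: In `logout()`, the added `$requestSession->clear();` only empties the session's attributes; the session identifier and its server-side record stay alive, so the old cookie value still names a valid (now empty) session. For a logout path, `$requestSession->invalidate();` is the stronger call on Symfony's `SessionInterface`: it clears the data, regenerates the identifier and removes the old session from persistence. If keeping the identifier is intentional, a comment above the call such as `// attributes only; the session id is deliberately kept because ...` would make that visible to the next reader. The start of `logout()` lies outside this hunk, so whether the security token is reset elsewhere cannot be confirmed from here.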
4 changes: 1 addition & 3 deletions tests/bundle/Functional/SessionTest.php
Expand Up @@ -71,15 +71,13 @@ public function testCreateSession(): stdClass
return $this->login();
}

public function testDeleteSession(): stdClass
public function testDeleteSession(): void
{
$session = $this->login();
$response = $this->sendHttpRequest($this->createDeleteRequest($session));

self::assertHttpResponseCodeEquals($response, 204);
self::assertHttpResponseDeletesSessionCookie($session, $response);

return $session;
}

/**
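Review bot: No assertion in `testDeleteSession()` covers the server-side clearing this commit adds; the test checks the 204 status and the cookie-deleting header only. A follow-up request that replays the old session cookie after the delete and asserts it is no longer accepted would pin the behaviour. Whether the delete route reaches `logout()` at all is not visible in this diff, so the branch that answers 404 may need a test of its own. Since the method now returns `void`, any test elsewhere in the file declared with `@depends testDeleteSession` would receive null instead of the session.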