diff --git a/src/lib/Server/Controller/SessionController.php b/src/lib/Server/Controller/SessionController.php
index f63db87b..f82f3e79 100644
--- a/src/lib/Server/Controller/SessionController.php
+++ b/src/lib/Server/Controller/SessionController.php
@@ -114,7 +114,7 @@ public function refreshSessionAction($sessionId, Request $request)
 $session = $request->getSession();
- if ($session === null || !$session->isStarted() || $session->getId() != $sessionId || !$this->hasStoredCsrfToken()) {
+ if ($session === null || !$session->isStarted() || $session->getId() !== $sessionId || !$this->hasStoredCsrfToken()) {
 return $this->logout($request);
 }
diff --git a/tests/bundle/Functional/SessionTest.php b/tests/bundle/Functional/SessionTest.php
index a90059b0..50435b2e 100644
--- a/tests/bundle/Functional/SessionTest.php
+++ b/tests/bundle/Functional/SessionTest.php
@@ -142,14 +142,17 @@ public function testLoginWithExistingFrontendSession(): void
 public function testDeleteSessionExpired(): void
 {
 $session = $this->login();
+ $deleteSessionRequest = $this->createDeleteRequest($session);
- $this->sendHttpRequest($this->createDeleteRequest($session));
-
- //triggered again to make sure deleting already deleted session is not possible
- $response = $this->sendHttpRequest($this->createDeleteRequest($session));
+ $response = $this->sendHttpRequest($deleteSessionRequest);
+dump($response);
+ self::assertHttpResponseCodeEquals($response, 204);
+ self::assertHttpResponseDeletesSessionCookie($session, $response);
+ //triggered again to make sure deleting already deleted session results in 404
+ $response = $this->sendHttpRequest($deleteSessionRequest);
+dd($response);
 self::assertHttpResponseCodeEquals($response, 404);
- self::assertHttpResponseDeletesSessionCookie($session, $response);
 }
 protected function createRefreshRequest(stdClass $session): RequestInterface
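Review bot: The strict comparison on the new `if` line relies on `$sessionId` being a string, yet the parameter carries no type in the `refreshSessionAction($sessionId, Request $request)` signature shown in the hunk header, and nothing records why `!==` matters here. Suggest declaring `string $sessionId` (path parameters arrive as strings from the router, so this should be behaviour-neutral — confirm against the route definition) and adding a why-comment above the check: `// strict compare: a loose != treats numeric-looking ids such as '1e3' and '1000' as equal, which would let a mismatched id refresh the session`. The body of refreshSessionAction begins before the hunk and continues after it.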
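Review bot: `dd($response);` on the added line after the second `sendHttpRequest` call dumps and halts execution, so the `assertHttpResponseCodeEquals($response, 404)` that follows never runs and the repeated-delete case can no longer fail; `dump($response);` after the first request is the same kind of leftover debug output. Both lines should be removed before merge, leaving `$response = $this->sendHttpRequest($deleteSessionRequest);` followed directly by the 404 assertion. Dropping `assertHttpResponseDeletesSessionCookie` from the 404 path looks deliberate since it now runs on the 204 response, but if a repeated delete is also expected not to re-issue a session cookie, that assertion should be kept on the second response rather than removed.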