diff --git a/core/includes/install.core.inc b/core/includes/install.core.inc index a6fa11dd25a55454302690fe42a0d4f38d28d330..10b92f54c26f520f8b1e7bb4f692cbfba487c143 100644 --- a/core/includes/install.core.inc +++ b/core/includes/install.core.inc @@ -1694,11 +1694,13 @@ function install_finished(&$install_state) { $snapshot = \Drupal::service('config.storage.snapshot'); \Drupal::service('config.manager')->createSnapshot($active, $snapshot); - // Load current user and perform final login tasks. - // This has to be done after drupal_flush_all_caches() - // to avoid session regeneration. - $account = user_load(1); - user_login_finalize($account); + if ($install_state['interactive']) { + // Load current user and perform final login tasks. + // This has to be done after drupal_flush_all_caches() + // to avoid session regeneration. + $account = user_load(1); + user_login_finalize($account); + } // @todo Temporary hack to satisfy PIFR. // @see https://drupal.org/node/1317548 diff --git a/core/modules/simpletest/src/TestBase.php b/core/modules/simpletest/src/TestBase.php index fb09a1f22aa5be33b49ef91a36446a92de4f7fda..dd583f542f85176cb44bb1b45796e5dcd5fcc166 100644 --- a/core/modules/simpletest/src/TestBase.php +++ b/core/modules/simpletest/src/TestBase.php @@ -7,6 +7,7 @@ namespace Drupal\simpletest; +use Drupal\Component\Utility\Crypt; use Drupal\Component\Utility\Random; use Drupal\Core\Database\Database; use Drupal\Component\Utility\String; @@ -195,6 +196,11 @@ abstract class TestBase { */ protected $randomGenerator; + /** + * The name of the session cookie. + */ + protected $originalSessionName; + /** * Constructor for Test. * 
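Review bot: The new `if ($install_state['interactive'])` guard in install_finished() has no comment saying why a non-interactive install skips the login of user 1. The comment kept inside the block only explains the ordering after drupal_flush_all_caches(), so a reader cannot tell whether the skip exists because there is no browser session or because a scripted install should not create an authenticated session for uid 1. I would add above the guard something like `// Only log in user 1 when a browser is driving the installer; a non-interactive install has no session to finalize.`, with the wording confirmed by the author since the hunk does not state the reason. install_finished() starts and ends outside the hunk.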
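Review bot: The docblock for `$originalSessionName` in TestBase has no `@var` line and describes the property only as "the name of the session cookie". prepareEnvironment() in this same commit uses it to hold the session name the runner had before the rename. Suggested text: `The session name of the test runner before prepareEnvironment() replaced it.` followed by `@var string`.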
@@ -1035,8 +1041,17 @@ private function prepareEnvironment() { $this->originalProfile = drupal_get_profile(); $this->originalUser = isset($user) ? clone $user : NULL; - // Ensure that the current session is not changed by the new environment. - \Drupal::service('session_manager')->disable(); + // Prevent that session data is leaked into the UI test runner by closing + // the session and then setting the session-name (i.e. the name of the + // session cookie) to a random value. If a test starts a new session, then + // it will be associated with a different session-name. After the test-run + // it can be safely destroyed. + // @see TestBase::restoreEnvironment() + if (PHP_SAPI !== 'cli' && session_status() === PHP_SESSION_ACTIVE) { + session_write_close(); + } + $this->originalSessionName = session_name(); + session_name('SIMPLETEST' . Crypt::randomBytesBase64()); // Save and clean the shutdown callbacks array because it is static cached // and will be changed by the test run. Otherwise it will contain callbacks @@ -1151,6 +1166,15 @@ protected function tearDown() { * @see TestBase::prepareEnvironment() */ private function restoreEnvironment() { + // Destroy the session if one was started during the test-run. + $_SESSION = array(); + if (PHP_SAPI !== 'cli' && session_status() === PHP_SESSION_ACTIVE) { + session_destroy(); + $params = session_get_cookie_params(); + setcookie(session_name(), '', REQUEST_TIME - 3600, $params['path'], $params['domain'], $params['secure'], $params['httponly']); + } + session_name($this->originalSessionName); + // Reset all static variables. // Unsetting static variables will potentially invoke destruct methods, // which might call into functions that prime statics and caches again. @@ -1236,7 +1260,6 @@ private function restoreEnvironment() { // Restore original user session. $this->container->set('current_user', $this->originalUser); - \Drupal::service('session_manager')->enable(); } /** 
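Review bot: After `session_write_close()` in prepareEnvironment() the `$_SESSION` superglobal still holds the test runner's data, because closing a session writes it out but does not empty the array, and the rename to a random `SIMPLETEST…` name only affects a session started later. Code under test that reads `$_SESSION` before starting its own session would therefore still see the runner's values, which is the reverse direction of the leak the new comment describes. If that is not intended, consider `$_SESSION = array();` right after the close, mirroring what restoreEnvironment() does. The `PHP_SAPI !== 'cli'` condition is also unexplained; if the reason is that CLI runs never have an active session, a comment such as `// CLI test runs are not expected to have an active session.` would record it. prepareEnvironment() begins and ends outside the hunk.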
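Review bot: In restoreEnvironment() `$_SESSION = array();` runs before and outside the `session_status()` guard, and nothing after `session_name($this->originalSessionName)` reopens the runner session that prepareEnvironment() closed. For the rest of the request the runner therefore works on an empty `$_SESSION` with no open session behind it, so anything stored there is presumably not persisted unless the session manager starts the session again later, which this hunk does not show. The leading comment only mentions destroying a session started by the test; if the rest is intended, I would extend it, e.g. `// Always discard session data set during the test; the runner's own session stays closed for the rest of this request.` The return value of `setcookie()` is also ignored, which matters if headers were already sent. restoreEnvironment() continues past the hunk.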
diff --git a/core/modules/simpletest/src/WebTestBase.php b/core/modules/simpletest/src/WebTestBase.php index e0aaa3ec2809b911e71b117385b2cc1aa32697b9..33c04b87b1da4fc7de866126c4265a1eb12e68e7 100644 --- a/core/modules/simpletest/src/WebTestBase.php +++ b/core/modules/simpletest/src/WebTestBase.php @@ -785,6 +785,16 @@ protected function drupalLogout() { } } + /** + * Returns the session name in use on the child site. + * + * @return string + * The name of the session cookie. + */ + public function getSessionName() { + return $this->session_name; + } + /** * Sets up a Drupal site for running functional and integration tests. * @@ -816,6 +826,12 @@ protected function setUp() { 'pass_raw' => $this->randomName(), )); + // Some tests (SessionTest and SessionHttpsTest) need to examine whether the + // proper session cookies were set on a response. Because the child site + // uses the same session name as the test runner, it is necessary to make + // that available to test-methods. + $this->session_name = $this->originalSessionName; + // Reset the static batch to remove Simpletest's batch operations. $batch = &batch_get(); $batch = array(); @@ -892,10 +908,11 @@ protected function setUp() { $request = \Drupal::request(); $this->kernel = DrupalKernel::createFromRequest($request, drupal_classloader(), 'prod', TRUE); + $this->kernel->prepareLegacyRequest($request); // Force the container to be built from scratch instead of loaded from the // disk. This forces us to not accidently load the parent site. $container = $this->kernel->rebuildContainer(); - $this->kernel->prepareLegacyRequest($request); + $config = $container->get('config.factory'); // Manually create and configure private and temporary files directories. 
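Review bot: The comment added in setUp() says the child site uses the same session name as "the test runner", but with this commit the runner has two names: the original one saved in `$originalSessionName` and the random `SIMPLETEST…` one set by prepareEnvironment(). The assignment uses the original, so the comment should say so, e.g. `// The child site uses the session name the test runner had before prepareEnvironment() randomized it, so expose that name to test methods.` The assignment also relies on prepareEnvironment() having run before this point, which cannot be confirmed from the hunk; if it had not, `session_name` would be NULL. setUp() starts and ends outside the hunk.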
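Review bot: `prepareLegacyRequest($request)` now runs before `rebuildContainer()` in setUp(), but the only comment in the hunk still describes the rebuild and nothing explains why the order was swapped. Because the container is rebuilt from scratch right after the request is prepared, a reader will wonder whether the request state set up by the first call carries into the new container; that depends on kernel internals not shown here. A one-line comment above the call, e.g. `// Prepare the request before rebuilding so the rebuilt container is initialized with it.`, would record the intent, with the wording confirmed by the author. setUp() starts and ends outside the hunk.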
@@ -1117,7 +1134,6 @@ protected function rebuildContainer() { $request = \Drupal::request(); // Rebuild the kernel and bring it back to a fully bootstrapped state. $this->container = $this->kernel->rebuildContainer(); - $this->container->get('current_user')->setAccount(\Drupal::currentUser()); // The request context is normally set by the router_listener from within // its KernelEvents::REQUEST listener. In the simpletest parent site this @@ -1234,9 +1250,6 @@ protected function curlInitialize() { if (!$result) { throw new \UnexpectedValueException('One or more cURL options could not be set.'); } - - // By default, the child session name should be the same as the parent. - $this->session_name = session_name(); } // We set the user agent header on each request so as to use the current // time and a new uniqid. diff --git a/core/modules/system/src/Tests/Session/SessionHttpsTest.php b/core/modules/system/src/Tests/Session/SessionHttpsTest.php index a9c709c1ae5fe707e29a1c709010752c81bfc723..cc753b6e6d09acd92ff5aa601f8e8ff805c88091 100644 --- a/core/modules/system/src/Tests/Session/SessionHttpsTest.php +++ b/core/modules/system/src/Tests/Session/SessionHttpsTest.php @@ -40,12 +40,12 @@ public function setUp() { protected function testHttpsSession() { if ($this->request->isSecure()) { - $secure_session_name = session_name(); - $insecure_session_name = substr(session_name(), 1); + $secure_session_name = $this->getSessionName(); + $insecure_session_name = substr($this->getSessionName(), 1); } else { - $secure_session_name = 'S' . session_name(); - $insecure_session_name = session_name(); + $secure_session_name = 'S' . $this->getSessionName(); + $insecure_session_name = $this->getSessionName(); } $user = $this->drupalCreateUser(array('access administration pages')); 
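Review bot: The secure/insecure cookie-name derivation in testHttpsSession() is repeated in testCsrfTokenWithMixedModeSsl() and, for the non-HTTPS branch, in testMixedModeSslSession(), and each copy now calls `getSessionName()` twice. Since this change touches all three, a single helper would keep the 'S' prefix convention in one place. `substr(..., 1)` also silently assumes the name starts with that prefix on a secure request. A sketch of the helper follows; callers would use `list($secure_session_name, $insecure_session_name) = $this->getSessionNames();`. The test methods continue outside their hunks.

```php
/**
 * Returns the secure and insecure session cookie names of the child site.
 *
 * @return string[]
 *   The secure name first, then the insecure name.
 */
protected function getSessionNames() {
  $name = $this->getSessionName();
  if ($this->request->isSecure()) {
    // On HTTPS the name carries the leading 'S'; strip it for the insecure one.
    return array($name, substr($name, 1));
  }
  return array('S' . $name, $name);
}
```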
@@ -124,8 +124,8 @@ protected function testMixedModeSslSession() { return; } else { - $secure_session_name = 'S' . session_name(); - $insecure_session_name = session_name(); + $secure_session_name = 'S' . $this->getSessionName(); + $insecure_session_name = $this->getSessionName(); } // Enable secure pages. @@ -231,12 +231,12 @@ protected function testMixedModeSslSession() { */ protected function testCsrfTokenWithMixedModeSsl() { if ($this->request->isSecure()) { - $secure_session_name = session_name(); - $insecure_session_name = substr(session_name(), 1); + $secure_session_name = $this->getSessionName(); + $insecure_session_name = substr($this->getSessionName(), 1); } else { - $secure_session_name = 'S' . session_name(); - $insecure_session_name = session_name(); + $secure_session_name = 'S' . $this->getSessionName(); + $insecure_session_name = $this->getSessionName(); } // Enable mixed mode SSL. diff --git a/core/modules/system/src/Tests/Session/SessionTest.php b/core/modules/system/src/Tests/Session/SessionTest.php index 720f16fcfc8d5486d4b2918802ef705d2fdd2324..47ef4b3e01b7635306eb547d31a4242e67967648 100644 --- a/core/modules/system/src/Tests/Session/SessionTest.php +++ b/core/modules/system/src/Tests/Session/SessionTest.php @@ -36,7 +36,7 @@ public static function getInfo() { */ function testSessionSaveRegenerate() { $session_manager = $this->container->get('session_manager'); - $this->assertFalse($session_manager->isEnabled(), 'SessionManager->isEnabled() initially returns FALSE (in testing framework).'); + $this->assertTrue($session_manager->isEnabled(), 'SessionManager->isEnabled() initially returns TRUE.'); $this->assertFalse($session_manager->disable()->isEnabled(), 'SessionManager->isEnabled() returns FALSE after disabling.'); $this->assertTrue($session_manager->enable()->isEnabled(), 'SessionManager->isEnabled() returns TRUE after enabling.'); 
@@ -260,7 +260,7 @@ function testEmptySessionID() { // be valid. Closing the curl handler will stop the previous session ID // from persisting. $this->curlClose(); - $this->additionalCurlOptions[CURLOPT_COOKIE] = rawurlencode($this->session_name) . '=;'; + $this->additionalCurlOptions[CURLOPT_COOKIE] = rawurlencode($this->getSessionName()) . '=;'; $this->drupalGet('session-test/id-from-cookie'); $this->assertRaw("session_id:\n", 'Session ID is blank as sent from cookie header.'); // Assert that we have an anonymous session now.