Merge pull request #361 from nanasess/cookie-secure
常時 https の場合は Cookie の secure オプションを true に設定
chihiro-adachi authored Dec 26, 2019
2 parents f3b6873 + 40ed775 commit 9fb0fea
Showing 5 changed files with 43 additions and 4 deletions.
4 changes: 4 additions & 0 deletions .github/workflows/main.yml
@@ -96,6 +96,8 @@ jobs:
run: |
data/vendor/bin/phpunit --exclude-group classloader
data/vendor/bin/phpunit --group classloader
sed 's|http://|https://|g' -i.bak data/config/config.php
data/vendor/bin/phpunit tests/class/SC_SessionFactoryTest.php
- name: Run chromedriver
run: |
@@ -183,6 +185,8 @@ jobs:
run: |
data/vendor/bin/phpunit --exclude-group classloader
data/vendor/bin/phpunit --group classloader
sed 's|http://|https://|g' -i.bak data/config/config.php
data/vendor/bin/phpunit tests/class/SC_SessionFactoryTest.php
install-to-linux:
name: Install to Linux
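Review bot: The `sed 's|http://|https://|g' -i.bak data/config/config.php` line rewrites every `http://` in the config file and the `.bak` copy is never put back, so every later step in the job runs against the https configuration; in the first hunk that includes the `Run chromedriver` step that follows, which may not be intended. If only the session-factory test needs https, restore the file right after it with `mv data/config/config.php.bak data/config/config.php`. The second hunk in this file and the `.travis.yml` hunk follow the same pattern, and in `.travis.yml` the rewrite also runs when `$COVERAGE` is set although the test it prepares for is skipped there. Both `run:` blocks start outside the hunks shown.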
2 changes: 2 additions & 0 deletions .travis.yml
@@ -93,6 +93,8 @@ script:
- if [ ! $COVERAGE ] ; then php data/vendor/bin/phpunit -c phpunit.xml.dist --group classloader ; fi
- if [ $COVERAGE ] ; then phpdbg -qrr data/vendor/bin/phpunit -c phpunit.xml.dist --exclude-group classloader ; fi
- if [ ! $COVERAGE ] ; then php data/vendor/bin/codecept run --env chrome --skip-group installer --steps ; fi
- sed -e 's|http://|https://|g' -i.bak data/config/config.php
- if [ ! $COVERAGE ] ; then php data/vendor/bin/phpunit -c phpunit.xml.dist tests/class/SC_SessionFactoryTest.php ; fi

after_script:
- if [ $COVERAGE ] ; then php data/vendor/bin/coveralls -v ; fi
13 changes: 12 additions & 1 deletion data/class/sessionfactory/SC_SessionFactory_UseCookie.php
@@ -46,7 +46,7 @@ public function initSession()
ini_set('session.cache_limiter', 'none');
// (session.auto_start などで)セッションが開始されていた場合に備えて閉じる。(FIXME: 保存する必要はない。破棄で良い。)
session_write_close();
session_set_cookie_params(0, ROOT_URLPATH, DOMAIN_NAME, false, true);
session_set_cookie_params(0, ROOT_URLPATH, DOMAIN_NAME, $this->getSecureOption(), true);
// セッション開始
// FIXME EC-CUBE をネストしてインストールした場合を考慮して、一意とすべき
session_name('ECSESSID');
@@ -62,6 +62,17 @@ public function useCookie()
{
return true;
}

/**
* secure オプションの値を返す.
*
* この値をもとに secure オプションを設定する.
* @return bool HTTP_URL 及び HTTPS_URL が https の場合は true
*/
protected function getSecureOption()
{
return (strpos(HTTP_URL, 'https') !== false && strpos(HTTPS_URL, 'https') !== false);
}
}
/*
* Local variables:
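Review bot: `getSecureOption()` tests for the substring `https` anywhere in the URL rather than for the scheme, so a value such as `http://example.com/https/` (constructed example) would turn the Secure flag on for a plain-HTTP site and the browser would stop sending the session cookie. Anchor the check to the start of the string: `return strpos(HTTP_URL, 'https://') === 0 && strpos(HTTPS_URL, 'https://') === 0;`. The docblock should also state that a mixed setup (HTTP_URL on http, HTTPS_URL on https) keeps the cookie without Secure, so on that configuration the session ID can still travel in cleartext. `initSession()` starts and ends outside the first hunk.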
6 changes: 3 additions & 3 deletions data/class/sessionfactory/SC_SessionFactory_UseRequest.php
@@ -238,7 +238,7 @@ public function initSession()
}
/**
* セッションデータ管理クラスの基底クラス
*
* @deprecated
*/
class LC_UseRequest_State
{
@@ -429,7 +429,7 @@ public function inisializeSessionData()

/**
* PCサイト用のセッションデータ管理クラス
*
* @deprecated
*/
class LC_UseRequest_State_PC extends LC_UseRequest_State
{
@@ -493,7 +493,7 @@ public function inisializeSessionData()

/**
* モバイルサイト用のセッションデータ管理クラス
*
* @deprecated
*/
class LC_UseRequest_State_Mobile extends LC_UseRequest_State
{
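--- a/tests/class/SC_SessionFactoryTest.php
+++ b/tests/class/SC_SessionFactoryTest.php
@@ -0,0 +1,22 @@
+<?php
+
+class SC_SessionFactoryTest extends Common_TestCase
+{
+public function testGetInstance()
+{
+$sessionFactory = SC_SessionFactory_Ex::getInstance();
+$sessionFactory->initSession();
+
+$this->assertInstanceOf('SC_SessionFactory_UseCookie', $sessionFactory);
+$this->assertTrue($sessionFactory->useCookie());
+
+$refClass = new ReflectionClass($sessionFactory);
+$refMethod = $refClass->getMethod('getSecureOption');
+$refMethod->setAccessible(true);
+if (strpos(HTTP_URL, 'https') !== false) {
+$this->assertTrue($refMethod->invoke($sessionFactory));
+} else {
+$this->markTestIncomplete();
+}
+}
+}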
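Review bot: The `else` branch calls `markTestIncomplete()`, so the non-https case is never asserted, and the `if` looks only at `HTTP_URL` although `getSecureOption()` also depends on `HTTPS_URL`. Replace the `else` body with `$this->assertFalse($refMethod->invoke($sessionFactory));` so a regression that sets Secure on an http site is caught. The test also checks only the helper's return value; asserting on `session_get_cookie_params()` after `initSession()` would cover the value that actually reaches the cookie. The `strpos(HTTP_URL, 'https')` condition repeats the substring match used in the implementation, so it would not notice a wrong match there.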
