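assertEquals(40, strlen($hash) ); $this->assertNotContains( $plain, $hash ); }

    /** Length of the client-bound prefix of a session id (see testIdenticalPrefix). */
    const ID_PREFIX_LENGTH = 5;

    /** Length of the hash part of the 'session_token' cookie (the 40-char assertion above). */
    const TOKEN_HASH_LENGTH = 40;

    /**
     * Closes any active session and opens a fresh one through the manager.
     *
     * session_destroy() is guarded so a test that runs without an active session does
     * not emit "Trying to destroy uninitialized session" (PHPUnit may turn that warning
     * into an error). The '@' on session_start() is kept from the original tests: PHPUnit
     * has already produced output, so header/cookie emission warns on every run.
     */
    private function restartSession()
    {
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_destroy();
        }
        @\manager\sessionManager::session_start();
    }

    /** Starts a fresh session and returns the first $length characters of its id. */
    private function freshSessionIdPrefix($length)
    {
        $this->restartSession();

        return substr(session_id(), 0, $length);
    }

    /** Starts a fresh session and returns the first $length characters of the token cookie. */
    private function freshTokenPrefix($length)
    {
        $this->restartSession();

        return substr($_COOKIE['session_token'], 0, $length);
    }

    /**
     * Runs $body, which may overwrite $_SERVER[$key], and then restores the original value
     * (or unsets the key if it was absent, e.g. HTTP_USER_AGENT under the CLI runner).
     *
     * The restore happens in a finally block so that a failing assertion inside $body
     * cannot leak a fake REMOTE_ADDR / HTTP_USER_AGENT into the tests that run after it.
     */
    private function withServerVarRestored($key, callable $body)
    {
        $hadValue = array_key_exists($key, $_SERVER);
        $saved = $hadValue ? $_SERVER[$key] : null;
        try {
            $body();
        } finally {
            if ($hadValue) {
                $_SERVER[$key] = $saved;
            } else {
                unset($_SERVER[$key]);
            }
        }
    }

    /* [2] Uniqueness and prefix tests
    =========================================================*/

    public function testIdSessionUniq()
    {
        // Two consecutive sessions must never share an id.
        $this->restartSession();
        $firstId = session_id();

        $this->restartSession();
        $secondId = session_id();

        $this->assertNotEquals($firstId, $secondId);
    }

    public function testIdenticalPrefix()
    {
        // Same client (unchanged REMOTE_ADDR / HTTP_USER_AGENT) => same client-bound id prefix.
        $firstPrefix = $this->freshSessionIdPrefix(self::ID_PREFIX_LENGTH);
        $secondPrefix = $this->freshSessionIdPrefix(self::ID_PREFIX_LENGTH);

        $this->assertEquals($firstPrefix, $secondPrefix);
    }

    public function testCookieUniq()
    {
        // The token cookie must be regenerated for every new session.
        $this->restartSession();
        $firstToken = $_COOKIE['session_token'];

        $this->restartSession();
        $secondToken = $_COOKIE['session_token'];

        $this->assertNotEquals($firstToken, $secondToken);
    }

    /* [3] Different REMOTE_ADDR
    =========================================================*/

    public function testSessionIdTheftWithWrongIp()
    {
        $this->withServerVarRestored('REMOTE_ADDR', function () {
            // Host 1
            $_SERVER['REMOTE_ADDR'] = 'a';
            $firstPrefix = $this->freshSessionIdPrefix(self::ID_PREFIX_LENGTH);

            // Host 2
            $_SERVER['REMOTE_ADDR'] = 'b';
            $secondPrefix = $this->freshSessionIdPrefix(self::ID_PREFIX_LENGTH);

            // A session id issued to one address must not be reusable from another.
            $this->assertNotEquals($firstPrefix, $secondPrefix);
        });
    }

    public function testSessionTokenTheftWithWrongIp()
    {
        $this->withServerVarRestored('REMOTE_ADDR', function () {
            // Host 1
            $_SERVER['REMOTE_ADDR'] = 'a';
            // Compared over the full 40-char hash like the other token tests; the original
            // compared only 5 characters here, which was inconsistent with them.
            $firstPrefix = $this->freshTokenPrefix(self::TOKEN_HASH_LENGTH);

            // Host 2
            $_SERVER['REMOTE_ADDR'] = 'b';
            $secondPrefix = $this->freshTokenPrefix(self::TOKEN_HASH_LENGTH);

            $this->assertNotEquals($firstPrefix, $secondPrefix);
        });
    }

    public function testSessionTokenTheftWithWrongIpThenWell()
    {
        $this->withServerVarRestored('REMOTE_ADDR', function () {
            // Host 1
            $_SERVER['REMOTE_ADDR'] = 'a';
            $firstPrefix = $this->freshTokenPrefix(self::TOKEN_HASH_LENGTH);

            // Host 2
            $_SERVER['REMOTE_ADDR'] = 'b';
            $secondPrefix = $this->freshTokenPrefix(self::TOKEN_HASH_LENGTH);

            // Host 1 again
            $_SERVER['REMOTE_ADDR'] = 'a';
            $thirdPrefix = $this->freshTokenPrefix(self::TOKEN_HASH_LENGTH);

            // Returning to the original address reproduces its hash; the other address never matches.
            $this->assertEquals($firstPrefix, $thirdPrefix);
            $this->assertNotEquals($firstPrefix, $secondPrefix);
        });
    }

    /* [4] Different HTTP_USER_AGENT
    =========================================================*/

    public function testSessionIdTheftWithWrongUserAgent()
    {
        $this->withServerVarRestored('HTTP_USER_AGENT', function () {
            // Host 1
            $_SERVER['HTTP_USER_AGENT'] = 'a';
            $firstPrefix = $this->freshSessionIdPrefix(self::ID_PREFIX_LENGTH);

            // Host 2
            $_SERVER['HTTP_USER_AGENT'] = 'b';
            $secondPrefix = $this->freshSessionIdPrefix(self::ID_PREFIX_LENGTH);

            $this->assertNotEquals($firstPrefix, $secondPrefix);
        });
    }

    public function testSessionTokenTheftWithWrongUserAgent()
    {
        $this->withServerVarRestored('HTTP_USER_AGENT', function () {
            // Host 1
            $_SERVER['HTTP_USER_AGENT'] = 'a';
            $firstPrefix = $this->freshTokenPrefix(self::TOKEN_HASH_LENGTH);

            // Host 2
            $_SERVER['HTTP_USER_AGENT'] = 'b';
            $secondPrefix = $this->freshTokenPrefix(self::TOKEN_HASH_LENGTH);

            $this->assertNotEquals($firstPrefix, $secondPrefix);
        });
    }

    public function testSessionTokenTheftWithWrongUserAgentThenWell()
    {
        $this->withServerVarRestored('HTTP_USER_AGENT', function () {
            // Host 1
            $_SERVER['HTTP_USER_AGENT'] = 'a';
            $firstPrefix = $this->freshTokenPrefix(self::TOKEN_HASH_LENGTH);

            // Host 2
            $_SERVER['HTTP_USER_AGENT'] = 'b';
            $secondPrefix = $this->freshTokenPrefix(self::TOKEN_HASH_LENGTH);

            // Host 1 again
            $_SERVER['HTTP_USER_AGENT'] = 'a';
            $thirdPrefix = $this->freshTokenPrefix(self::TOKEN_HASH_LENGTH);

            $this->assertEquals($firstPrefix, $thirdPrefix);
            $this->assertNotEquals($firstPrefix, $secondPrefix);
        });
    }

    /* [5] Regeneration of the 'session_token' cookie
    =========================================================*/

    public function testRegeneratedToken()
    {
        // Connection 1
        $this->restartSession();
        $firstToken = $_COOKIE['session_token'];

        // Connection 2
        $this->restartSession();
        $secondToken = $_COOKIE['session_token'];

        // The whole token changes between connections (its random part is regenerated).
        $this->assertNotEquals($firstToken, $secondToken);
    }

    public function testSamePrefixToken()
    {
        // Connection 1
        $firstTokenPrefix = $this->freshTokenPrefix(self::TOKEN_HASH_LENGTH);

        // Connection 2
        $secondTokenPrefix = $this->freshTokenPrefix(self::TOKEN_HASH_LENGTH);

        // ...but the client-bound hash part stays the same for the same client.
        $this->assertEquals($firstTokenPrefix, $secondTokenPrefix);
    }
}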