Session: default values for cookie_path, cookie_domain & cookie_secure are taken from Response

dg · dg · commit c8d7760547fc · 2018-08-28T00:15:04.000+02:00
diff --git a/src/Http/Session.php b/src/Http/Session.php
@@ -38,9 +38,6 @@ class Session
 
 		// cookies
 		'cookie_lifetime' => 0,   // until the browser is closed
-		'cookie_path' => '/',     // cookie is available within the entire domain
-		'cookie_domain' => '',    // cookie is available on current subdomain only
-		'cookie_secure' => false, // cookie is available on HTTP & HTTPS
 		'cookie_httponly' => true, // must be enabled to prevent Session Hijacking
 
 		// other
@@ -62,6 +59,9 @@ public function __construct(IRequest $request, IResponse $response)
 		$this->request = $request;
 		$this->response = $response;
 		self::$started = self::$started && session_status() === PHP_SESSION_ACTIVE;
+		$this->options['cookie_path'] = & $this->response->cookiePath;
+		$this->options['cookie_domain'] = & $this->response->cookieDomain;
+		$this->options['cookie_secure'] = & $this->response->cookieSecure;
 	}
 
 
diff --git a/tests/Http/Session.cookies.phpt b/tests/Http/Session.cookies.phpt
@@ -0,0 +1,38 @@
+<?php
+
+declare(strict_types=1);
+
+use Tester\Assert;
+
+
+require __DIR__ . '/../bootstrap.php';
+
+
+$factory = new Nette\Http\RequestFactory;
+$response = new Nette\Http\Response;
+$session = new Nette\Http\Session($factory->createHttpRequest(), $response);
+
+$session->setOptions([]);
+
+$response->cookiePath = '/user/';
+$response->cookieDomain = 'nette.org';
+$response->cookieSecure = true;
+
+Assert::same([
+	'referer_check' => '',
+	'use_cookies' => 1,
+	'use_only_cookies' => 1,
+	'use_trans_sid' => 0,
+	'cookie_lifetime' => 0,
+	'cookie_httponly' => true,
+	'gc_maxlifetime' => 10800,
+	'cookie_path' => '/user/',
+	'cookie_domain' => 'nette.org',
+	'cookie_secure' => true,
+], $session->getOptions());
+
+$session->setOptions([
+	'cookie_domain' => '.domain.com',
+]);
+
+Assert::same('nette.org', $response->cookieDomain);
diff --git a/tests/Http/Session.setOptions.phpt b/tests/Http/Session.setOptions.phpt
@@ -21,11 +21,11 @@ Assert::same([
 	'use_only_cookies' => 1,
 	'use_trans_sid' => 0,
 	'cookie_lifetime' => 0,
+	'cookie_httponly' => true,
+	'gc_maxlifetime' => 10800,
 	'cookie_path' => '/',
 	'cookie_domain' => '',
 	'cookie_secure' => false,
-	'cookie_httponly' => true,
-	'gc_maxlifetime' => 10800,
 ], $session->getOptions());
 
 $session->setOptions([
@@ -38,10 +38,10 @@ Assert::same([
 	'use_only_cookies' => 1,
 	'use_trans_sid' => 0,
 	'cookie_lifetime' => 0,
-	'cookie_path' => '/',
-	'cookie_secure' => false,
 	'cookie_httponly' => true,
 	'gc_maxlifetime' => 10800,
+	'cookie_path' => '/',
+	'cookie_secure' => false,
 ], $session->getOptions());
 
 $session->setOptions([
@@ -54,8 +54,8 @@ Assert::same([
 	'use_only_cookies' => 1,
 	'use_trans_sid' => 0,
 	'cookie_lifetime' => 0,
-	'cookie_path' => '/',
-	'cookie_secure' => false,
 	'cookie_httponly' => true,
 	'gc_maxlifetime' => 10800,
+	'cookie_path' => '/',
+	'cookie_secure' => false,
 ], $session->getOptions());
