1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
|
use strict;
use warnings FATAL => 'all';
use Apache::Test;
use Apache::TestUtil;
use Apache::TestRequest;
my @testcases = (
['/modules/usertrack/foo.html'],
['/modules/usertrack/bar.html'],
['/modules/usertrack/foo.html'],
['/modules/usertrack/bar.html'],
);
my $iters = 100;
my %cookiex = ();
plan tests => (scalar (@testcases) * 2 + 2) * $iters + 1 + 3, need 'mod_usertrack';
foreach (1..$iters) {
my $nb_req = 1;
my $cookie = "";
foreach my $t (@testcases) {
##
my $r = GET($t->[0], "Cookie" => $cookie);
# Checking for return code
ok t_cmp($r->code, 200, "Checking return code is '200'");
# Checking for content
my $setcookie = $r->header('Set-Cookie');
# Only the first and third requests of an iteration must have a Set-Cookie
if ((($nb_req == 1) || ($nb_req == 3)) && (defined $setcookie)) {
ok defined $setcookie;
print "Set-Cookie: " . $setcookie . "\n";
# Copy the cookie in order to send it back in the next requests
$cookie = substr($setcookie, 0, index($setcookie, ";") );
print "Cookie: " . $cookie . "\n";
# This cookie must not have been already seen
ok !exists($cookiex{$cookie});
$cookiex{$cookie} = 1;
}
else {
ok !(defined $setcookie);
}
# After the 2nd request, we lie and send a modified cookie.
# So the 3rd request whould receive a new cookie
if ($nb_req == 2) {
$cookie = "X" . $cookie;
}
$nb_req++;
}
}
# Check the overall number of cookies generated
ok ((scalar (keys %cookiex)) == ($iters * 2));
# Check that opt-in flags aren't set
my $r = GET("/modules/usertrack/foo.html");
ok t_cmp($r->code, 200, "Checking return code is '200'");
# Checking for content
my $setcookie = $r->header('Set-Cookie');
t_debug("$setcookie");
ok defined $setcookie;
$setcookie =~ m/(Secure|HTTPonly|SameSite)/i;
ok t_cmp($1, undef);
|
