2021-11-15 10:50:12 -05:00
|
|
|
# frozen_string_literal: true
|
|
|
|
|
2022-07-27 22:27:38 -04:00
|
|
|
RSpec.describe "multisite", type: %i[multisite request] do
|
2021-11-15 10:50:12 -05:00
|
|
|
it "works" do
|
|
|
|
get "http://test.localhost/session/csrf.json"
|
2023-01-12 06:01:20 -05:00
|
|
|
expect(response.status).to eq(200)
|
2022-05-19 10:58:31 -04:00
|
|
|
cookie = CGI.escape(response.cookies["_forum_session"])
|
2021-11-15 10:50:12 -05:00
|
|
|
id1 = session["session_id"]
|
|
|
|
|
|
|
|
get "http://test.localhost/session/csrf.json",
|
|
|
|
headers: {
|
|
|
|
"Cookie" => "_forum_session=#{cookie};",
|
|
|
|
}
|
2023-01-12 06:01:20 -05:00
|
|
|
expect(response.status).to eq(200)
|
2021-11-15 10:50:12 -05:00
|
|
|
id2 = session["session_id"]
|
|
|
|
|
|
|
|
expect(id1).to eq(id2)
|
|
|
|
|
|
|
|
get "http://test2.localhost/session/csrf.json",
|
|
|
|
headers: {
|
|
|
|
"Cookie" => "_forum_session=#{cookie};",
|
|
|
|
}
|
2023-01-12 06:01:20 -05:00
|
|
|
expect(response.status).to eq(200)
|
2021-11-15 10:50:12 -05:00
|
|
|
id3 = session["session_id"]
|
|
|
|
|
|
|
|
# Session cookie was rejected and rotated
|
|
|
|
expect(id2).not_to eq(id3)
|
|
|
|
end
|
|
|
|
end
|