hub / github.com/coder/coder / TestSessionCookieMaxAge

Function TestSessionCookieMaxAge

coderd/apikey_test.go:402–444

TestSessionCookieMaxAge verifies that the session cookie is a persistent cookie (has MaxAge set) rather than a session cookie. Standalone PWAs run in their own browser process and mobile OSes purge in-memory (session) cookies when that process is killed, so the cookie must be persisted to disk.

(t *testing.T)

Source from the content-addressed store, hash-verified

```go
// TestSessionCookieMaxAge verifies that the session cookie is a persistent
// cookie (has MaxAge set) rather than a session cookie. Standalone PWAs run
// in their own browser process and mobile OSes purge in-memory
// (session) cookies when that process is killed, so the cookie must be
// persisted to disk.
func TestSessionCookieMaxAge(t *testing.T) {
	t.Parallel()

	ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong)
	defer cancel()

	client := coderdtest.New(t, nil)

	// Create the first user (password-based login).
	req := codersdk.CreateFirstUserRequest{
		Email:    "testuser@coder.com",
		Username: "testuser",
		Password: "SomeSecurePassword!",
	}
	_, err := client.CreateFirstUser(ctx, req)
	require.NoError(t, err)

	// Login via the raw HTTP endpoint so we can inspect the Set-Cookie header.
	loginURL, err := client.URL.Parse("/api/v2/users/login")
	require.NoError(t, err)

	res, err := client.Request(ctx, http.MethodPost, loginURL.String(), codersdk.LoginWithPasswordRequest{
		Email:    req.Email,
		Password: req.Password,
	})
	require.NoError(t, err)
	defer res.Body.Close()
	require.Equal(t, http.StatusCreated, res.StatusCode)

	oneYear := int((365 * 24 * time.Hour).Seconds())
	var found bool
	for _, cookie := range res.Cookies() {
		if cookie.Name == codersdk.SessionTokenCookie {
			// MaxAge should be set to a long value so the browser
			// persists the cookie to disk. The server handles real
			// expiry via the API key's ExpiresAt field.
			require.Equal(t, oneYear, cookie.MaxAge,
				"Session cookie MaxAge should be set to 1 year for disk persistence")
			found = true
		}
	}
	require.True(t, found, "session cookie should be present in login response")
}
```

Callers

nothing calls this directly

Calls 8

New · Function · 0.92
CreateFirstUser · Method · 0.80
Cookies · Method · 0.80
Parse · Method · 0.65
Close · Method · 0.65
Request · Method · 0.45
String · Method · 0.45
Equal · Method · 0.45

Tested by

no test coverage detected