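TestSessionCookieMaxAge verifies that the session-token cookie is issued as a persistent cookie (MaxAge set) rather than a browser-session cookie. Standalone PWAs run in their own browser process, and mobile OSes purge in-memory (session) cookies when that process is killed, so the cookie must be persisted to disk. MaxAge only controls how long the browser keeps the cookie; the server still enforces real expiry through the API key's ExpiresAt field.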
(t *testing.T)
| 400 | // (session) cookies when that process is killed, so the cookie must be |
| 401 | // persisted to disk. |
func TestSessionCookieMaxAge(t *testing.T) {
	t.Parallel()

	ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong)
	defer cancel()

	client := coderdtest.New(t, nil)

	// Bootstrap the deployment with a password-authenticated first user.
	firstUser := codersdk.CreateFirstUserRequest{
		Email:    "testuser@coder.com",
		Username: "testuser",
		Password: "SomeSecurePassword!",
	}
	_, err := client.CreateFirstUser(ctx, firstUser)
	require.NoError(t, err)

	// Hit the login endpoint through the raw request helper so the
	// Set-Cookie header of the response can be inspected directly.
	endpoint, err := client.URL.Parse("/api/v2/users/login")
	require.NoError(t, err)

	credentials := codersdk.LoginWithPasswordRequest{
		Email:    firstUser.Email,
		Password: firstUser.Password,
	}
	resp, err := client.Request(ctx, http.MethodPost, endpoint.String(), credentials)
	require.NoError(t, err)
	defer resp.Body.Close()
	require.Equal(t, http.StatusCreated, resp.StatusCode)

	// A long MaxAge makes the browser write the cookie to disk. It is not
	// the authoritative lifetime: the server enforces real expiry via the
	// API key's ExpiresAt field.
	//
	// NOTE(review): this test pins MaxAge only. Because the cookie now
	// persists on disk, consider also asserting its HttpOnly, Secure and
	// SameSite attributes here. Confirm what the login handler sets first.
	wantMaxAge := int((365 * 24 * time.Hour).Seconds())
	matched := 0
	for _, c := range resp.Cookies() {
		if c.Name != codersdk.SessionTokenCookie {
			continue
		}
		require.Equal(t, wantMaxAge, c.MaxAge,
			"Session cookie MaxAge should be set to 1 year for disk persistence")
		matched++
	}
	require.True(t, matched > 0, "session cookie should be present in login response")
}
| 445 | |
| 446 | func TestAPIKey_OK(t *testing.T) { |
| 447 | t.Parallel() |