[Security] fixes a bug when clearing cookies on logout

2011-02-14 20:24:48 +01:00 · 2011-02-14 20:24:48 +01:00 · 44b89e5ac3
commit 44b89e5ac3
parent b685b3ab4d
2 changed files with 11 additions and 25 deletions
--- a/src/Symfony/Component/Security/Http/Logout/CookieClearingLogoutHandler.php
+++ b/src/Symfony/Component/Security/Http/Logout/CookieClearingLogoutHandler.php
@ -22,24 +22,15 @@ use Symfony\Component\HttpFoundation\Request;
 */
 class CookieClearingLogoutHandler implements LogoutHandlerInterface
 {
-    protected $cookieNames;
+    protected $cookies;
    /**
     * Constructor
-     * @param array $cookieNames An array of cookie names to unset
+     * @param array $cookies An array of cookie names to unset
     */
-    public function __construct(array $cookieNames)
+    public function __construct(array $cookies)
    {
-        $this->cookieNames = $cookieNames;
+        $this->cookies = $cookies;
    }
    /**
     * Returns the names of the cookies to unset
     * @return array
     */
    public function getCookieNames()
    {
        return $this->cookieNames;
    }
    /**
@ -52,8 +43,8 @@ class CookieClearingLogoutHandler implements LogoutHandlerInterface
     */
    public function logout(Request $request, Response $response, TokenInterface $token)
    {
-        foreach ($this->cookieNames as $cookieName) {
+        foreach ($this->cookies as $cookieName => $cookieData) {
-            $response->headers->clearCookie($cookieName);
+            $response->headers->clearCookie($cookieName, $cookieData['path'], $cookieData['domain']);
        }
    }
 }
--- a/tests/Symfony/Tests/Component/Security/Http/Logout/CookieClearingLogoutHandlerTest.php
+++ b/tests/Symfony/Tests/Component/Security/Http/Logout/CookieClearingLogoutHandlerTest.php
@ -17,22 +17,13 @@ use Symfony\Component\Security\Http\Logout\CookieClearingLogoutHandler;
 class CookieClearingLogoutHandlerTest extends \PHPUnit_Framework_TestCase
 {
    public function testConstructor()
    {
        $cookieNames = array('foo', 'foo2', 'foo3');
        $handler = new CookieClearingLogoutHandler($cookieNames);
        $this->assertEquals($cookieNames, $handler->getCookieNames());
    }
    public function testLogout()
    {
        $request = new Request();
        $response = new Response();
        $token = $this->getMock('Symfony\Component\Security\Core\Authentication\Token\TokenInterface');
-        $handler = new CookieClearingLogoutHandler(array('foo', 'foo2'));
+        $handler = new CookieClearingLogoutHandler(array('foo' => array('path' => '/foo', 'domain' => 'foo.foo'), 'foo2' => array('path' => null, 'domain' => null)));
        $this->assertFalse($response->headers->hasCookie('foo'));
@ -43,10 +34,14 @@ class CookieClearingLogoutHandlerTest extends \PHPUnit_Framework_TestCase
        $cookie = $cookies['foo'];
        $this->assertEquals('foo', $cookie->getName());
        $this->assertEquals('/foo', $cookie->getPath());
        $this->assertEquals('foo.foo', $cookie->getDomain());
        $this->assertTrue($cookie->isCleared());
        $cookie = $cookies['foo2'];
        $this->assertStringStartsWith('foo2', $cookie->getName());
        $this->assertNull($cookie->getPath());
        $this->assertNull($cookie->getDomain());
        $this->assertTrue($cookie->isCleared());
    }
 }