'Session value', 'page callback' => '_session_test_get', 'access arguments' => array('access content'), 'type' => MENU_CALLBACK, ); $items['session-test/id'] = array( 'title' => 'Session ID', 'page callback' => '_session_test_id', 'access arguments' => array('access content'), 'type' => MENU_CALLBACK, ); $items['session-test/id-from-cookie'] = array( 'title' => 'Session ID from cookie', 'page callback' => '_session_test_id_from_cookie', 'access arguments' => array('access content'), 'type' => MENU_CALLBACK, ); $items['session-test/set/%'] = array( 'title' => 'Set session value', 'page callback' => '_session_test_set', 'page arguments' => array(2), 'access arguments' => array('access content'), 'type' => MENU_CALLBACK, ); $items['session-test/no-set/%'] = array( 'title' => 'Set session value but do not save session', 'page callback' => '_session_test_no_set', 'page arguments' => array(2), 'access arguments' => array('access content'), 'type' => MENU_CALLBACK, ); $items['session-test/set-message'] = array( 'title' => 'Set message', 'page callback' => '_session_test_set_message', 'access arguments' => array('access content'), 'type' => MENU_CALLBACK, ); $items['session-test/set-message-but-dont-save'] = array( 'title' => 'Set message but do not save session', 'page callback' => '_session_test_set_message_but_dont_save', 'access arguments' => array('access content'), 'type' => MENU_CALLBACK, ); $items['session-test/set-not-started'] = array( 'title' => 'Set message when session is not started', 'page callback' => '_session_test_set_not_started', 'access arguments' => array('access content'), 'type' => MENU_CALLBACK, ); $items['session-test/is-logged-in'] = array( 'title' => 'Check if user is logged in', 'page callback' => '_session_test_is_logged_in', 'access callback' => 'user_is_logged_in', 'type' => MENU_CALLBACK, ); return $items; } /** * It's very unusual to do anything outside of a function / hook, but in this * case we want to simulate a given session.cookie_samesite setting in php.ini * or via ini_set() in settings.php. This would almost never be a good idea * outside of a test scenario. */ if (isset($_SERVER['HTTP_X_SESSION_COOKIE_INI_SET'])) { if (in_array($_SERVER['HTTP_X_SESSION_COOKIE_INI_SET'], array('None', 'Lax', 'Strict', '*EMPTY*'))) { $value = ($_SERVER['HTTP_X_SESSION_COOKIE_INI_SET'] == '*EMPTY*') ? '' : $_SERVER['HTTP_X_SESSION_COOKIE_INI_SET']; ini_set('session.cookie_samesite', $value); } } /** * Implements hook_boot(). */ function session_test_boot() { header('X-Session-Empty: ' . intval(empty($_SESSION))); } /** * Page callback, prints the stored session value to the screen. */ function _session_test_get() { if (!empty($_SESSION['session_test_value'])) { return t('The current value of the stored session variable is: %val', array('%val' => $_SESSION['session_test_value'])); } else { return ""; } } /** * Page callback, stores a value in $_SESSION['session_test_value']. */ function _session_test_set($value) { $_SESSION['session_test_value'] = $value; return t('The current value of the stored session variable has been set to %val', array('%val' => $value)); } /** * Menu callback: turns off session saving and then tries to save a value * anyway. */ function _session_test_no_set($value) { drupal_save_session(FALSE); _session_test_set($value); return t('session saving was disabled, and then %val was set', array('%val' => $value)); } /** * Menu callback: print the current session ID. */ function _session_test_id() { // Set a value in $_SESSION, so that drupal_session_commit() will start // a session. $_SESSION['test'] = 'test'; drupal_session_commit(); return 'session_id:' . session_id() . "\n"; } /** * Menu callback: print the current session ID as read from the cookie. */ function _session_test_id_from_cookie() { return 'session_id:' . $_COOKIE[session_name()] . "\n"; } /** * Menu callback, sets a message to me displayed on the following page. */ function _session_test_set_message() { drupal_set_message(t('This is a dummy message.')); print t('A message was set.'); // Do not return anything, so the current request does not result in a themed // page with messages. The message will be displayed in the following request // instead. } /** * Menu callback, sets a message but call drupal_save_session(FALSE). */ function _session_test_set_message_but_dont_save() { drupal_save_session(FALSE); _session_test_set_message(); } /** * Menu callback, stores a value in $_SESSION['session_test_value'] without * having started the session in advance. */ function _session_test_set_not_started() { if (!drupal_session_will_start()) { $_SESSION['session_test_value'] = t('Session was not started'); } } /** * Implements hook_user(). */ function session_test_user_login($edit = array(), $user = NULL) { if ($user->name == 'session_test_user') { // Exit so we can verify that the session was regenerated // before hook_user() was called. exit; } } /** * Implements hook_form_FORM_ID_alter(). */ function session_test_form_user_login_alter(&$form) { $form['#https'] = TRUE; } /** * Implements hook_drupal_goto_alter(). * * Force the redirection to go to a non-secure page after being on a secure * page through https.php. */ function session_test_drupal_goto_alter(&$path, &$options, &$http_response_code) { global $base_insecure_url, $is_https_mock; // Alter the redirect to use HTTP when using a mock HTTPS request through // https.php because form submissions would otherwise redirect to a // non-existent HTTPS site. if (!empty($is_https_mock)) { $path = $base_insecure_url . '/' . $path; } } /** * Menu callback, only available if current user is logged in. */ function _session_test_is_logged_in() { return t('User is logged in.'); }