Merge branch 'hotfix/use-expires-not-max-age' into develop

Forward port #4 Conflicts: CHANGELOG.md
zendframework · Oct 26, 2018 · e984ff8 · e984ff8
2 parents 5406a59 + 602ab4c
commit e984ff8
Show file tree

Hide file tree

Showing 5 changed files with 37 additions and 15 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -24,15 +24,18 @@ All notable changes to this project will be documented in this file, in reverse
 
 - Nothing.
 
-## 1.1.1 - TBD
+## 1.1.1 - 2018-10-26
 
 ### Added
 
 - Nothing.
 
 ### Changed
 
-- Nothing.
+- [#4](https://github.com/zendframework/zend-expressive-session-cache/pull/4) modifies the behavior when setting a persistent cookie. Previously,
+  it would set a Max-Age directive on the cookie; however, this is not supported
+  in all browsers or SAPIs. As such, it now creates an Expires directive, which
+  will have essentially the same effect for users.
 
 ### Deprecated
 

diff --git a/docs/book/v1/config.md b/docs/book/v1/config.md
@@ -117,8 +117,8 @@ return [
         // A boolean value indicating whether or not the session cookie
         // should persist. By default, this is disabled (false); passing
         // a boolean true value will enable the feature. When enabled, the
-        // cookie will be generated with a Max-Age directive equal to the
-        // cache_expire value as noted above.
+        // cookie will be generated with an Expires directive equal to the
+        // the current time plus the cache_expire value as noted above.
         'persistent' => false,
     ],
 ];

diff --git a/docs/book/v1/manual.md b/docs/book/v1/manual.md
@@ -20,8 +20,8 @@ The following details the constructor of the `Zend\Expressive\Session\Cache\Cach
  *     public/index.php, index.php, and finally the current working
  *     directory, using the filemtime() of the first found.
  * @param bool $persistent Whether or not to create a persistent cookie. If
- *     provided, this sets the Max-Age for the cookie to the value of
- *     $cacheExpire.
+ *     provided, this sets the Expires directive for the cookie based on
+ *     the value of $cacheExpire.
  */
 public function __construct(
     \Psr\Cache\CacheItemPoolInterface $cache,

diff --git a/src/CacheSessionPersistence.php b/src/CacheSessionPersistence.php
@@ -9,6 +9,8 @@
 
 namespace Zend\Expressive\Session\Cache;
 
+use DateInterval;
+use DateTimeImmutable;
 use Dflydev\FigCookies\FigRequestCookies;
 use Dflydev\FigCookies\FigResponseCookies;
 use Dflydev\FigCookies\SetCookie;
@@ -95,8 +97,8 @@ class CacheSessionPersistence implements SessionPersistenceInterface
      *     public/index.php, index.php, and finally the current working
      *     directory, using the filemtime() of the first found.
      * @param bool $persistent Whether or not to create a persistent cookie. If
-     *     provided, this sets the Max-Age for the cookie to the value of
-     *     $cacheExpire.
+     *     provided, this sets the Expires directive for the cookie based on
+     *     the value of $cacheExpire.
      */
     public function __construct(
         CacheItemPoolInterface $cache,
@@ -162,7 +164,9 @@ public function persistSession(SessionInterface $session, ResponseInterface $res
             ->withPath($this->cookiePath);
 
         if ($this->persistent) {
-            $sessionCookie = $sessionCookie->withMaxAge($this->cacheExpire);
+            $sessionCookie = $sessionCookie->withExpires(
+                (new DateTimeImmutable())->add(new DateInterval(sprintf('PT%dS', $this->cacheExpire)))
+            );
         }
 
         $response = FigResponseCookies::set($response, $sessionCookie);

diff --git a/test/CacheSessionPersistenceTest.php b/test/CacheSessionPersistenceTest.php
@@ -9,6 +9,8 @@
 
 namespace ZendTest\Expressive\Session\Cache;
 
+use DateInterval;
+use DateTimeImmutable;
 use PHPUnit\Framework\TestCase;
 use Prophecy\Argument;
 use Psr\Cache\CacheItemInterface;
@@ -33,6 +35,7 @@ class CacheSessionPersistenceTest extends TestCase
     public function setUp()
     {
         $this->cachePool = $this->prophesize(CacheItemPoolInterface::class);
+        $this->currentTime = new DateTimeImmutable();
     }
 
     public function assertSetCookieUsesIdentifier(string $identifier, Response $response)
@@ -63,17 +66,29 @@ public function assertSetCookieUsesNewIdentifier(string $identifier, Response $r
         );
     }
 
-    public function assertCookieMaxAgeMirrorsExpiry(int $expiry, Response $response)
+    public function assertCookieExpiryMirrorsExpiry(int $expiry, Response $response)
     {
         $setCookie = $response->getHeaderLine('Set-Cookie');
         $parts = explode(';', $setCookie);
         $parts = array_map(function ($value) {
             return trim($value);
         }, $parts);
-        $this->assertContains(
-            'Max-Age=' . $expiry,
-            $parts,
-            sprintf('Could not find Max-Age=%d within set-cookie header: %s', $expiry, $setCookie)
+        $parts = array_filter($parts, function ($value) {
+            return (bool) preg_match('/^Expires=/', $value);
+        });
+
+        $this->assertSame(1, count($parts), 'No Expires directive found in cookie: ' . $setCookie);
+
+        $compare = $this->currentTime->add(new DateInterval(sprintf('PT%dS', $expiry)));
+
+        $value = array_shift($parts);
+        [, $expires] = explode('=', $value);
+        $expiresDate = new DateTimeImmutable($expires);
+
+        $this->assertGreaterThanOrEqual(
+            $expiresDate,
+            $compare,
+            sprintf('Cookie expiry "%s" is not at least "%s"', $expiresDate->format('r'), $compare->format('r'))
         );
     }
 
@@ -661,6 +676,6 @@ public function testPersistentSessionCookieIncludesExpiration()
         $result = $persistence->persistSession($session, $response);
 
         $this->assertNotSame($response, $result);
-        $this->assertCookieMaxAgeMirrorsExpiry(600, $result);
+        $this->assertCookieExpiryMirrorsExpiry(600, $result);
     }
 }