Revision cfa4b526
Added by Dominic Cleal about 10 years ago
test/functional/locations_controller_test.rb | ||
---|---|---|
# session is reset, redirected to login, but org id remains
|
||
assert_redirected_to "/users/login"
|
||
assert_match /Your session has expired, please login again/, flash[:warning]
|
||
assert_equal session["location_id"], taxonomies(:location1).id
|
||
assert_equal session[:location_id], taxonomies(:location1).id
|
||
end
|
||
|
||
test "should display a warning if current location has been deleted" do
|
Also available in: Unified diff
fixes #4457 - Session fixation, new session IDs are not generated on login (CVE-2014-0090)