Merge branch 'hotfix/#46-default-cookie-root-path'

Close #46

CHANGELOG.md

@@ -13,12 +13,16 @@ This release contains backwards compatibility breaks with previous releases.
   continue to work and they're no affected.
 - Using `PSR7Session\Http\SessionMiddleware` constructor, it's needed to upgrade
   introducing an instance of `\PSR7Session\Time\SystemCurrentTime()`.
+- When using `PSR7Session\Http\SessionMiddleware::fromSymmetricKeyDefaults()`
+  and `PSR7Session\Http\SessionMiddleware::fromAsymmetricKeyDefaults()`, the
+  produced session cookie will now have a `path=/` by default.
 
 Total issues resolved: **5**
 
 - [20: Make the dependency on time explicit](https://github.com/Ocramius/PSR7Session/issues/20)
 - [31: Added comment for private modifier for __construct()](https://github.com/Ocramius/PSR7Session/pull/31)
 - [42: Disabling phpcs for scrutinizer-ci runs](https://github.com/Ocramius/PSR7Session/pull/42)
+- [46: Sane default for cookie path](https://github.com/Ocramius/PSR7Session/pull/46)
 - [44: Scrutinizer: external coverage support](https://github.com/Ocramius/PSR7Session/pull/44)
 - [50: Make the dependency on time explicit](https://github.com/Ocramius/PSR7Session/pull/50)
 

examples/index.php

@@ -44,7 +44,8 @@
     'c9UA8QKLSmDEn4DhNeJIad/4JugZd/HvrjyKrS0jOes=', // verification key (important: change this to your own)
     SetCookie::create('an-example-cookie-name')
         ->withSecure(false) // false on purpose, unless you have https locally
-        ->withHttpOnly(true),
+        ->withHttpOnly(true)
+        ->withPath('/'),
     new Parser(),
     1200, // 20 minutes
     new SystemCurrentTime()

src/PSR7Session/Http/SessionMiddleware.php

@@ -130,7 +130,8 @@ public static function fromSymmetricKeyDefaults(string $symmetricKey, int $expir
             $symmetricKey,
             SetCookie::create(self::DEFAULT_COOKIE)
                 ->withSecure(true)
-                ->withHttpOnly(true),
+                ->withHttpOnly(true)
+                ->withPath('/'),
             new Parser(),
             $expirationTime,
             new SystemCurrentTime()
@@ -158,7 +159,8 @@ public static function fromAsymmetricKeyDefaults(
             $publicRsaKey,
             SetCookie::create(self::DEFAULT_COOKIE)
                 ->withSecure(true)
-                ->withHttpOnly(true),
+                ->withHttpOnly(true)
+                ->withPath('/'),
             new Parser(),
             $expirationTime,
             new SystemCurrentTime()

test/PSR7SessionTest/Http/SessionMiddlewareTest.php

@@ -417,6 +417,46 @@ public function validMiddlewaresProvider()
         ];
     }
 
+    /**
+     * @group #46
+     */
+    public function testFromSymmetricKeyDefaultsWillHaveADefaultSessionPath()
+    {
+        self::assertSame(
+            '/',
+            $this
+                ->getCookie(
+                    SessionMiddleware::fromSymmetricKeyDefaults('not relevant', 100)
+                        ->__invoke(new ServerRequest(), new Response(), $this->writingMiddleware())
+                )
+                ->getPath()
+        );
+    }
+
+    /**
+     * @group #46
+     *
+     * @throws \InvalidArgumentException
+     * @throws \OutOfBoundsException
+     */
+    public function testFromAsymmetricKeyDefaultsWillHaveADefaultSessionPath()
+    {
+        self::assertSame(
+            '/',
+            $this
+                ->getCookie(
+                    SessionMiddleware
+                        ::fromAsymmetricKeyDefaults(
+                            file_get_contents(__DIR__ . '/../../keys/private_key.pem'),
+                            file_get_contents(__DIR__ . '/../../keys/public_key.pem'),
+                            200
+                        )
+                        ->__invoke(new ServerRequest(), new Response(), $this->writingMiddleware())
+                )
+                ->getPath()
+        );
+    }
+
     /**
      * @param SessionMiddleware $middleware
      * @param ServerRequestInterface $request