Merge pull request #9 from ppavlovic/master

Ported changes from releaase/2.x to master

Author: ppavlovic

composer.json

@@ -43,22 +43,22 @@
   },
   "scripts": {
     "unit-test": [
-      "./vendor/bin/phpunit -c tests/unit/phpunit.xml --colors=always --coverage-html tests/unit/coverage"
+      "XDEBUG_MODE=coverage php8.3 ./vendor/bin/phpunit -c tests/unit/phpunit.xml --colors=always --coverage-html tests/unit/coverage"
     ],
     "test-coverage": [
-      "./vendor/bin/phpunit --colors=always -c tests/unit/phpunit.xml --coverage-text"
+      "XDEBUG_MODE=coverage php8.3 ./vendor/bin/phpunit --colors=always -c tests/unit/phpunit.xml --coverage-text"
     ],
     "test-report": [
-      "./vendor/bin/phpunit --colors=always -c tests/unit/phpunit.xml --coverage-clover=tests/unit/coverage/code-coverage.xml"
+      "XDEBUG_MODE=coverage php8.3 ./vendor/bin/phpunit --colors=always -c tests/unit/phpunit.xml --coverage-clover=tests/unit/coverage/code-coverage.xml"
     ],
     "code-coverage": [
-      "./vendor/bin/code-coverage -p 90 -f tests/unit/coverage/code-coverage.xml"
+      "XDEBUG_MODE=coverage php8.3 ./vendor/bin/code-coverage -p 90 -f tests/unit/coverage/code-coverage.xml"
     ],
     "psr2": [
-      "./vendor/bin/phpcs --colors --standard=PSR2 src/"
+      "XDEBUG_MODE=coverage php8.3 ./vendor/bin/phpcs --colors --standard=PSR2 src/"
     ],
     "psr2-fix": [
-      "./vendor/bin/phpcbf --colors --standard=PSR2 src/"
+      "XDEBUG_MODE=coverage php8.3 ./vendor/bin/phpcbf --colors --standard=PSR2 src/"
     ]
   }
 }

src/Session.php

@@ -35,6 +35,26 @@ class Session
      */
     private $domainName;
 
+    /**
+     * @var string
+     */
+    private $cookiePath = '/';
+
+    /**
+     * @var bool
+     */
+    private $cookieHttpOnly = false;
+
+    /**
+     * @var bool
+     */
+    private $cookieSecure = false;
+
+    /**
+     * @var string
+     */
+    private $cookieSameSite = '';
+
     /**
      * @param array $options
      */
@@ -127,13 +147,48 @@ public function setDomainName($domainName): Session
         return $this;
     }
 
+    public function cookiePath(string $path)
+    {
+        $this->cookiePath = $path;
+        return $this;
+    }
+
+    public function cookieHttpOnly(bool $value)
+    {
+        $this->cookieHttpOnly = $value;
+        return $this;
+    }
+
+    public function cookieSecure(bool $value)
+    {
+        $this->cookieSecure = $value;
+        return $this;
+    }
+
+    public function cookieSameSite(string $value)
+    {
+        $validValues = ['', 'Lax', 'Strict'];
+        if (!in_array($value, $validValues)) {
+            throw new \InvalidArgumentException('Invalid value for cookieSameSite');
+        }
+        $this->cookieSameSite = $value;
+        return $this;
+    }
+
     /**
      * @return Session
      * @throws MissingDomainNameException
      */
     public function start(): Session
     {
-        session_set_cookie_params($this->getLifetime(), '/', $this->getDomainName());
+        session_set_cookie_params([
+            'lifetime' => $this->getLifetime(),
+            'path' => $this->cookiePath,
+            'domain' => $this->getDomainName(),
+            'secure' => $this->cookieSecure,
+            'httponly' => $this->cookieHttpOnly,
+            'samesite' => $this->cookieSameSite,
+        ]);
 
         $this->manager = new SessionManager($this->getConfig());
         $this->manager

tests/unit/src/SessionTest.php

@@ -29,6 +29,131 @@ public function testGetDomainNameException()
         $this->session->getDomainName();
     }
 
+    public function testCookiePathDefault()
+    {
+        $reflection = new \ReflectionClass($this->session);
+        $property = $reflection->getProperty('cookiePath');
+        $property->setAccessible(true);
+        $this->assertEquals('/', $property->getValue($this->session));
+    }
+
+    public function testCookiePathSetter()
+    {
+        $result = $this->session->cookiePath('/custom/path');
+        $this->assertInstanceOf(Session::class, $result);
+        
+        $reflection = new \ReflectionClass($this->session);
+        $property = $reflection->getProperty('cookiePath');
+        $property->setAccessible(true);
+        $this->assertEquals('/custom/path', $property->getValue($this->session));
+    }
+
+    public function testCookieHttpOnlyDefault()
+    {
+        $reflection = new \ReflectionClass($this->session);
+        $property = $reflection->getProperty('cookieHttpOnly');
+        $property->setAccessible(true);
+        $this->assertFalse($property->getValue($this->session));
+    }
+
+    public function testCookieHttpOnlySetter()
+    {
+        $result = $this->session->cookieHttpOnly(true);
+        $this->assertInstanceOf(Session::class, $result);
+        
+        $reflection = new \ReflectionClass($this->session);
+        $property = $reflection->getProperty('cookieHttpOnly');
+        $property->setAccessible(true);
+        $this->assertTrue($property->getValue($this->session));
+    }
+
+    public function testCookieSecureDefault()
+    {
+        $reflection = new \ReflectionClass($this->session);
+        $property = $reflection->getProperty('cookieSecure');
+        $property->setAccessible(true);
+        $this->assertFalse($property->getValue($this->session));
+    }
+
+    public function testCookieSecureSetter()
+    {
+        $result = $this->session->cookieSecure(true);
+        $this->assertInstanceOf(Session::class, $result);
+        
+        $reflection = new \ReflectionClass($this->session);
+        $property = $reflection->getProperty('cookieSecure');
+        $property->setAccessible(true);
+        $this->assertTrue($property->getValue($this->session));
+    }
+
+    public function testCookieSameSiteDefault()
+    {
+        $reflection = new \ReflectionClass($this->session);
+        $property = $reflection->getProperty('cookieSameSite');
+        $property->setAccessible(true);
+        $this->assertEquals('', $property->getValue($this->session));
+    }
+
+    public function testCookieSameSiteSetterWithEmptyString()
+    {
+        $result = $this->session->cookieSameSite('');
+        $this->assertInstanceOf(Session::class, $result);
+        
+        $reflection = new \ReflectionClass($this->session);
+        $property = $reflection->getProperty('cookieSameSite');
+        $property->setAccessible(true);
+        $this->assertEquals('', $property->getValue($this->session));
+    }
+
+    public function testCookieSameSiteSetterWithLax()
+    {
+        $result = $this->session->cookieSameSite('Lax');
+        $this->assertInstanceOf(Session::class, $result);
+        
+        $reflection = new \ReflectionClass($this->session);
+        $property = $reflection->getProperty('cookieSameSite');
+        $property->setAccessible(true);
+        $this->assertEquals('Lax', $property->getValue($this->session));
+    }
+
+    public function testCookieSameSiteSetterWithStrict()
+    {
+        $result = $this->session->cookieSameSite('Strict');
+        $this->assertInstanceOf(Session::class, $result);
+        
+        $reflection = new \ReflectionClass($this->session);
+        $property = $reflection->getProperty('cookieSameSite');
+        $property->setAccessible(true);
+        $this->assertEquals('Strict', $property->getValue($this->session));
+    }
+
+    public function testCookieSameSiteSetterWithInvalidValue()
+    {
+        $this->expectException(\InvalidArgumentException::class);
+        $this->expectExceptionMessage('Invalid value for cookieSameSite');
+        $this->session->cookieSameSite('None');
+    }
+
+    public function testCookieSameSiteSetterWithInvalidValueRandom()
+    {
+        $this->expectException(\InvalidArgumentException::class);
+        $this->expectExceptionMessage('Invalid value for cookieSameSite');
+        $this->session->cookieSameSite('InvalidValue');
+    }
+
+    public function testFluentInterfaceChaining()
+    {
+        $result = $this->session
+            ->setDomainName('example.com')
+            ->cookiePath('/app')
+            ->cookieHttpOnly(true)
+            ->cookieSecure(true)
+            ->cookieSameSite('Strict');
+        
+        $this->assertInstanceOf(Session::class, $result);
+        $this->assertEquals('example.com', $this->session->getDomainName());
+    }
+
     protected function setUp(): void
     {
         $this->session = new Session([]);