Adds assertions for remember_me cookie.

Asserts cookie is http_only, secure, and same-site is "strict". Closes stevepolitodesign#87.
mdchaney · Jun 12, 2024 · 2e6e5b0 · 2e6e5b0
1 parent c4e6e7b
commit 2e6e5b0
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/test/controllers/sessions_controller_test.rb b/test/controllers/sessions_controller_test.rb
@@ -44,6 +44,12 @@ class SessionsControllerTest < ActionDispatch::IntegrationTest
 
  assert_not_nil current_user
  assert_not_nil cookies[:remember_token]
+
+ remember_me_cookie = cookies.get_cookie("remember_token")
+
+ assert remember_me_cookie.http_only?
+ assert remember_me_cookie.secure?
+ assert_equal "Strict", remember_me_cookie.to_h["SameSite"]
  end
 
  test "should forget user when logging out" do