[Security] Prevent canceled remember-me cookie from being accepted

chalasr · chalasr · commit 8124823cc6d3 · 2020-01-06T22:59:17.000+01:00
diff --git a/Tests/Functional/ClearRememberMeTest.php b/Tests/Functional/ClearRememberMeTest.php
@@ -33,7 +33,7 @@ public function testUserChangeClearsCookie()
         $this->assertNotNull($cookieJar->get('REMEMBERME'));
 
         $client->request('GET', '/foo');
-        $this->assertSame(200, $client->getResponse()->getStatusCode());
+        $this->assertRedirect($client->getResponse(), '/login');
         $this->assertNull($cookieJar->get('REMEMBERME'));
     }
 }
diff --git a/composer.json b/composer.json
@@ -19,7 +19,7 @@
         "php": "^5.5.9|>=7.0.8",
         "ext-xml": "*",
         "symfony/config": "~3.4|~4.0",
-        "symfony/security": "~3.4.36|~4.3.9|^4.4.1",
+        "symfony/security": "~3.4.37|~4.3.10|^4.4.3",
         "symfony/dependency-injection": "^3.4.3|^4.0.3",
         "symfony/http-kernel": "~3.4|~4.0",
         "symfony/polyfill-php70": "~1.0"

Original file line number	Diff line number	Diff line change
`@@ -33,7 +33,7 @@ public function testUserChangeClearsCookie()`
`33`	`33`	`$this->assertNotNull($cookieJar->get('REMEMBERME'));`
`34`	`34`
`35`	`35`	`$client->request('GET', '/foo');`
`36`		`- $this->assertSame(200, $client->getResponse()->getStatusCode());`
	`36`	`+ $this->assertRedirect($client->getResponse(), '/login');`
`37`	`37`	`$this->assertNull($cookieJar->get('REMEMBERME'));`
`38`	`38`	`}`
`39`	`39`	`}`