diff --git a/readme.md b/readme.md
index 1fcb7ea..f0be5cb 100644
--- a/readme.md
+++ b/readme.md
@@ -91,6 +91,7 @@ SilverStripe\EnvironmentCheck\EnvironmentCheckSuite:
 * `ExternalURLCheck`: Checks that one or more URLs are reachable via HTTP.
 * `SMTPConnectCheck`: Checks if the SMTP connection configured through PHP.ini works as expected.
 * `SolrIndexCheck`: Checks if the Solr cores of given class are available.
+ * `SessionCheck`: Checks that a given URL does not generate a session.
 ## Monitoring Checks
diff --git a/src/Checks/SessionCheck.php b/src/Checks/SessionCheck.php
new file mode 100644
index 0000000..6884b95
--- /dev/null
+++ b/src/Checks/SessionCheck.php
@@ -0,0 +1,86 @@
+url = $url;
+ $this->clientConfig = [
+ 'base_uri' => Director::absoluteBaseURL(),
+ 'timeout' => 10.0,
+ ];
+ }
+
+ /**
+ * Check that the response for URL does not create a session
+ *
+ * @return array
+ */
+ public function check(): array
+ {
+ $response = $this->fetchResponse($this->url);
+ $cookie = $this->getCookie($response);
+ $fullURL = Controller::join_links(Director::absoluteBaseURL(), $this->url);
+
+ if ($cookie) {
+ return [
+ EnvironmentCheck::ERROR,
+ "Sessions are being set for {$fullURL} : Set-Cookie => " . $cookie,
+ ];
+ }
+ return [
+ EnvironmentCheck::OK,
+ "Sessions are not being created for {$fullURL} 👍",
+ ];
+ }
+
+ /**
+ * Get PHPSESSID or SECSESSID cookie set from the response if it exists.
+ *
+ * @param ResponseInterface $response
+ * @return string|null Cookie contents or null if it doesn't exist
+ */
+ public function getCookie(ResponseInterface $response): ?string
+ {
+ $result = null;
+ $cookies = $response->getHeader('Set-Cookie');
+
+ foreach ($cookies as $cookie) {
+ if (strpos($cookie, 'SESSID') !== false) {
+ $result = $cookie;
+ }
+ }
+ return $result;
+ }
+}
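Review bot: In `getCookie()`, `strpos($cookie, 'SESSID') !== false` matches the substring anywhere in a Set-Cookie header, so a cookie whose value or attributes merely contain it, or a header that only expires an existing session cookie, is reported as a session being created. Anchoring on the cookie name is tighter, e.g. `if (preg_match('/^\s*(PHP|SEC)SESSID=/', $cookie) === 1) {`, which covers the two names the docblock gives. `check()` then appends the whole header, session identifier included, to the ERROR message, so wherever check results are displayed or logged a presumably still-valid session ID is exposed; reporting only the name, e.g. `"... : Set-Cookie => " . strtok($cookie, '=')`, keeps the diagnostic without the token. The opening of this file's hunk (class declaration, properties, constructor signature) is missing from the page, so `fetchResponse()` and how `$url` is supplied cannot be reviewed here.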