8 use Wikimedia\TestingAccessWrapper;
// Builds a HashConfig with fixed cookie settings; presumably the body of the getConfig() helper the tests call.
// NOTE(review): the leading numbers look like line numbers of the original file; gaps mean lines are missing from this excerpt.
18 return new \HashConfig( [
19 'CookiePrefix' =>
'CookiePrefix',
20 'CookiePath' =>
'CookiePath',
21 'CookieDomain' =>
'CookieDomain',
// Secure and HttpOnly are both enabled in the fixture; SameSite is the empty string.
22 'CookieSecure' =>
true,
23 'CookieHttpOnly' =>
true,
24 'CookieSameSite' =>
'',
25 'SessionName' =>
false,
// Two different lifetimes (100 vs 200), so assertions can tell the normal expiry from the extended one.
26 'CookieExpiration' => 100,
27 'ExtendedLoginCookieExpiration' => 200,
28 'ForceHTTPS' =>
false,
// Constructor validation: each try block must end in InvalidArgumentException.
// Reaching fail() means the constructor accepted input it should have rejected.
// The constructor calls themselves are not shown in this excerpt.
45 $this->fail(
'Expected exception not thrown' );
46 }
catch ( \InvalidArgumentException $ex ) {
// Expected message when no priority is given.
48 'MediaWiki\\Session\\CookieSessionProvider::__construct: priority must be specified',
55 $this->fail(
'Expected exception not thrown' );
56 }
catch ( \InvalidArgumentException $ex ) {
// The next three cases all expect the same "Invalid priority" message.
58 'MediaWiki\\Session\\CookieSessionProvider::__construct: Invalid priority',
64 $this->fail(
'Expected exception not thrown' );
65 }
catch ( \InvalidArgumentException $ex ) {
67 'MediaWiki\\Session\\CookieSessionProvider::__construct: Invalid priority',
73 $this->fail(
'Expected exception not thrown' );
74 }
catch ( \InvalidArgumentException $ex ) {
76 'MediaWiki\\Session\\CookieSessionProvider::__construct: Invalid priority',
83 $this->fail(
'Expected exception not thrown' );
84 }
catch ( \InvalidArgumentException $ex ) {
// Expected message when cookieOptions is not an array.
86 'MediaWiki\\Session\\CookieSessionProvider::__construct: cookieOptions must be an array',
// Constructor defaults and overrides. TestingAccessWrapper lets the assertions read the
// provider's non-public priority and cookieOptions properties.
92 $p = TestingAccessWrapper::newFromObject(
97 $this->assertEquals( 1, $p->priority );
// Expected sessionName is 'CookiePrefix_session' — presumably derived from the cookie prefix
// because the config's SessionName is false; the provider construction is not shown.
98 $this->assertEquals( [
99 'callUserSetCookiesHook' =>
false,
100 'sessionName' =>
'CookiePrefix_session',
// Cookie options are expected to default to the config values (prefix, path, domain shown here).
102 $this->assertEquals( [
103 'prefix' =>
'CookiePrefix',
104 'path' =>
'CookiePath',
105 'domain' =>
'CookieDomain',
109 ], $p->cookieOptions );
// Once SessionName is set in the config, that value is the expected sessionName.
111 $config->set(
'SessionName',
'SessionName' );
112 $p = TestingAccessWrapper::newFromObject(
117 $this->assertEquals( 3, $p->priority );
118 $this->assertEquals( [
119 'callUserSetCookiesHook' =>
false,
120 'sessionName' =>
'SessionName',
122 $this->assertEquals( [
123 'prefix' =>
'CookiePrefix',
124 'path' =>
'CookiePath',
125 'domain' =>
'CookieDomain',
129 ], $p->cookieOptions );
// Explicit options (presumably the constructor params): sentinel strings such as 'XSecure'
// and 'XHttpOnly' are used so the assertions below can confirm each option is stored unchanged.
133 'callUserSetCookiesHook' =>
true,
135 'prefix' =>
'XPrefix',
137 'domain' =>
'XDomain',
138 'secure' =>
'XSecure',
139 'httpOnly' =>
'XHttpOnly',
140 'sameSite' =>
'XSameSite',
142 'sessionName' =>
'XSession',
146 $this->assertEquals( 10, $p->priority );
147 $this->assertEquals( [
148 'callUserSetCookiesHook' =>
true,
149 'sessionName' =>
'XSession',
// The security-relevant flags (secure, httpOnly, sameSite) must come back exactly as supplied.
151 $this->assertEquals( [
152 'prefix' =>
'XPrefix',
154 'domain' =>
'XDomain',
155 'secure' =>
'XSecure',
156 'httpOnly' =>
'XHttpOnly',
157 'sameSite' =>
'XSameSite',
158 ], $p->cookieOptions );
// Basic provider capabilities: it persists session IDs and can change the user.
164 $this->assertTrue( $provider->persistsSessionId() );
165 $this->assertTrue( $provider->canChangeUser() );
// Cookie names compared against getExtendedLoginCookies() (read through the access wrapper).
167 $extendedCookies = [
'UserID',
'UserName',
'Token' ];
171 TestingAccessWrapper::newFromObject( $provider )->getExtendedLoginCookies(),
172 'List of extended cookies (subclasses can add values, but we\'re calling the core one here)'
// whyNoSession() is expected to return a message with the key 'sessionprovider-nocookies'.
175 $msg = $provider->whyNoSession();
177 $this->assertSame(
'sessionprovider-nocookies', $msg->getKey() );
// provideSessionInfo() cases. Provider options visible here: sessionName 'session', cookie prefix 'x'.
// The request objects and most of their cookies are built on lines missing from this excerpt,
// as are the assignments of $params and $name.
183 'sessionName' =>
'session',
184 'cookieOptions' => [
'prefix' =>
'x' ],
// The logger's buffer is asserted after every case, so log output is part of the contract.
187 $logger = new \TestLogger(
true );
188 $provider->setLogger( $logger );
189 $provider->setConfig( $this->
getConfig() );
192 $user = static::getTestSysop()->getUser();
193 $id =
$user->getId();
195 $token =
$user->getToken(
true );
// Fixed session ID used as the 'session' cookie value in the cases below.
197 $sessionId =
'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa';
// Case: no session info is returned and nothing is logged (request setup not shown).
201 $info = $provider->provideSessionInfo(
$request );
202 $this->assertNull( $info );
203 $this->assertSame( [], $logger->getBuffer() );
204 $logger->clearBuffer();
// Case: a 'session' cookie is present. The info keeps that ID, but the user info has
// ID 0 and a null name, and the missing UserID cookie is logged.
209 'session' => $sessionId,
211 $info = $provider->provideSessionInfo(
$request );
212 $this->assertNotNull( $info );
213 $this->assertSame(
$params[
'priority'], $info->getPriority() );
214 $this->assertSame( $sessionId, $info->getId() );
215 $this->assertNotNull( $info->getUserInfo() );
216 $this->assertSame( 0, $info->getUserInfo()->getId() );
217 $this->assertNull( $info->getUserInfo()->getName() );
218 $this->assertFalse( $info->forceHTTPS() );
222 'Session "{session}" requested without UserID cookie',
224 ], $logger->getBuffer() );
225 $logger->clearBuffer();
// Case: the returned ID differs from $sessionId while the user matches $id/$name
// (request cookies for this case are not shown).
233 $info = $provider->provideSessionInfo(
$request );
234 $this->assertNotNull( $info );
235 $this->assertSame(
$params[
'priority'], $info->getPriority() );
236 $this->assertNotSame( $sessionId, $info->getId() );
237 $this->assertNotNull( $info->getUserInfo() );
238 $this->assertSame( $id, $info->getUserInfo()->getId() );
239 $this->assertSame(
$name, $info->getUserInfo()->getName() );
240 $this->assertFalse( $info->forceHTTPS() );
241 $this->assertSame( [], $logger->getBuffer() );
242 $logger->clearBuffer();
// Case: 'session' cookie plus further cookies not shown; the info keeps $sessionId and the user matches.
247 'session' => $sessionId,
251 $info = $provider->provideSessionInfo(
$request );
252 $this->assertNotNull( $info );
253 $this->assertSame(
$params[
'priority'], $info->getPriority() );
254 $this->assertSame( $sessionId, $info->getId() );
255 $this->assertNotNull( $info->getUserInfo() );
256 $this->assertSame( $id, $info->getUserInfo()->getId() );
257 $this->assertSame(
$name, $info->getUserInfo()->getName() );
258 $this->assertFalse( $info->forceHTTPS() );
259 $this->assertSame( [], $logger->getBuffer() );
260 $logger->clearBuffer();
// Case: a wrong Token cookie. The provider must return no session at all (null), and the
// rejection is logged; that log entry is the signal a defender can alert on.
265 'session' => $sessionId,
267 'xToken' =>
'BADTOKEN',
269 $info = $provider->provideSessionInfo(
$request );
270 $this->assertNull( $info );
274 'Session "{session}" requested with invalid Token cookie.'
276 ], $logger->getBuffer() );
277 $logger->clearBuffer();
// Case: user info is returned but isVerified() is false, so the identity taken from the
// cookies is only a claim at this point. NOTE(review): presumably no Token cookie was sent; confirm.
282 'session' => $sessionId,
285 $info = $provider->provideSessionInfo(
$request );
286 $this->assertNotNull( $info );
287 $this->assertSame(
$params[
'priority'], $info->getPriority() );
288 $this->assertSame( $sessionId, $info->getId() );
289 $this->assertNotNull( $info->getUserInfo() );
290 $this->assertFalse( $info->getUserInfo()->isVerified() );
291 $this->assertSame( $id, $info->getUserInfo()->getId() );
292 $this->assertSame(
$name, $info->getUserInfo()->getName() );
293 $this->assertFalse( $info->forceHTTPS() );
294 $this->assertSame( [], $logger->getBuffer() );
295 $logger->clearBuffer();
// Case: no session info and no log output (request setup not shown).
301 $info = $provider->provideSessionInfo(
$request );
302 $this->assertNull( $info );
303 $this->assertSame( [], $logger->getBuffer() );
304 $logger->clearBuffer();
// Case: a 'forceHTTPS' cookie is present; the returned info reports forceHTTPS() as true.
309 'session' => $sessionId,
312 'forceHTTPS' =>
true,
314 $info = $provider->provideSessionInfo(
$request );
315 $this->assertNotNull( $info );
316 $this->assertSame(
$params[
'priority'], $info->getPriority() );
317 $this->assertSame( $sessionId, $info->getId() );
318 $this->assertNotNull( $info->getUserInfo() );
319 $this->assertSame( $id, $info->getUserInfo()->getId() );
320 $this->assertSame(
$name, $info->getUserInfo()->getName() );
321 $this->assertTrue( $info->forceHTTPS() );
322 $this->assertSame( [], $logger->getBuffer() );
323 $logger->clearBuffer();
// Case: no session info and no log output (remaining cookies not shown).
328 'session' => $sessionId,
331 $info = $provider->provideSessionInfo(
$request );
332 $this->assertNull( $info );
333 $this->assertSame( [], $logger->getBuffer() );
334 $logger->clearBuffer();
// Case: a UserName cookie that matches the user; the user info is accepted but still unverified.
339 'session' => $sessionId,
341 'xUserName' =>
$name,
343 $info = $provider->provideSessionInfo(
$request );
344 $this->assertNotNull( $info );
345 $this->assertSame(
$params[
'priority'], $info->getPriority() );
346 $this->assertSame( $sessionId, $info->getId() );
347 $this->assertNotNull( $info->getUserInfo() );
348 $this->assertFalse( $info->getUserInfo()->isVerified() );
349 $this->assertSame( $id, $info->getUserInfo()->getId() );
350 $this->assertSame(
$name, $info->getUserInfo()->getName() );
351 $this->assertFalse( $info->forceHTTPS() );
352 $this->assertSame( [], $logger->getBuffer() );
353 $logger->clearBuffer();
// Case: a UserName cookie that does not match the UserID. The session is rejected (null)
// and the mismatch is logged.
358 'session' => $sessionId,
360 'xUserName' =>
'Wrong',
362 $info = $provider->provideSessionInfo(
$request );
363 $this->assertNull( $info );
367 'Session "{session}" requested with mismatched UserID and UserName cookies.',
369 ], $logger->getBuffer() );
370 $logger->clearBuffer();
// getVaryCookies(): the expected names carry the configured prefix 'MyCookiePrefix'.
// Only two of the expected entries are visible in this excerpt.
376 'sessionName' =>
'MySessionName',
377 'cookieOptions' => [
'prefix' =>
'MyCookiePrefix' ],
380 'MyCookiePrefixToken',
381 'MyCookiePrefixLoggedOut',
384 ], $provider->getVaryCookies() );
// suggestLoginUsername(): null for the first request, 'Example' when 'xUserName' is 'Example'.
// NOTE(review): 'xUserName' is presumably a request cookie, i.e. client-controlled, so the
// result is a hint for the login form and not an established identity; confirm against the request setup.
390 'sessionName' =>
'MySessionName',
391 'cookieOptions' => [
'prefix' =>
'x' ],
395 $this->assertEquals(
null, $provider->suggestLoginUsername(
$request ) );
398 'xUserName' =>
'Example',
400 $this->assertEquals(
'Example', $provider->suggestLoginUsername(
$request ) );
// persistSession() with callUserSetCookiesHook disabled. $forceHTTPS is presumably a test
// parameter; the backend and request construction are only partly visible.
407 'sessionName' =>
'MySessionName',
408 'callUserSetCookiesHook' =>
false,
409 'cookieOptions' => [
'prefix' =>
'x' ],
412 $config->set(
'ForceHTTPS', $forceHTTPS );
414 $provider->setConfig(
$config );
417 $sessionId =
'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa';
421 $this->
setMwGlobals( [
'wgForceHTTPS' => $forceHTTPS ] );
423 $user = static::getTestSysop()->getUser();
429 'provider' => $provider,
435 new \Psr\Log\NullLogger(),
// PHP session handling is switched off on the backend through the access wrapper.
438 TestingAccessWrapper::newFromObject( $backend )->usePhpSessionHandling =
false;
// With the hook option off, onUserSetCookies must never be invoked.
441 ->setMethods( [
'onUserSetCookies' ] )
443 $mock->expects( $this->never() )->method(
'onUserSetCookies' );
// Anonymous user, even with rememberUser true: only the session cookie carries a value;
// UserID and Token are empty strings and UserName is null.
447 $backend->setUser( $anon );
448 $backend->setRememberUser(
true );
449 $backend->setForceHTTPS(
false );
451 $provider->persistSession( $backend,
$request );
452 $this->assertSame( $sessionId,
$request->response()->getCookie(
'MySessionName' ) );
453 $this->assertSame(
'',
$request->response()->getCookie(
'xUserID' ) );
454 $this->assertSame(
null,
$request->response()->getCookie(
'xUserName' ) );
455 $this->assertSame(
'',
$request->response()->getCookie(
'xToken' ) );
// The two forceHTTPS assertions are alternatives; the branch that selects between them
// is on lines missing from this excerpt (presumably keyed on $forceHTTPS).
457 $this->assertSame(
null,
$request->response()->getCookie(
'forceHTTPS' ) );
459 $this->assertSame(
'',
$request->response()->getCookie(
'forceHTTPS' ) );
461 $this->assertSame( [], $backend->getData() );
// Logged-in user without rememberUser: UserID and UserName are set, the Token cookie stays empty.
464 $backend->setUser(
$user );
465 $backend->setRememberUser(
false );
466 $backend->setForceHTTPS(
false );
468 $provider->persistSession( $backend,
$request );
469 $this->assertSame( $sessionId,
$request->response()->getCookie(
'MySessionName' ) );
470 $this->assertSame( (
string)
$user->getId(),
$request->response()->getCookie(
'xUserID' ) );
471 $this->assertSame(
$user->getName(),
$request->response()->getCookie(
'xUserName' ) );
472 $this->assertSame(
'',
$request->response()->getCookie(
'xToken' ) );
474 $this->assertSame(
null,
$request->response()->getCookie(
'forceHTTPS' ) );
476 $this->assertSame(
'',
$request->response()->getCookie(
'forceHTTPS' ) );
478 $this->assertSame( [], $backend->getData() );
// Logged-in user with rememberUser and forceHTTPS: only now is the user's token written to
// the Token cookie, and the forceHTTPS cookie is either absent (null) or 'true'.
481 $backend->setUser(
$user );
482 $backend->setRememberUser(
true );
483 $backend->setForceHTTPS(
true );
486 $provider->persistSession( $backend,
$request );
487 $this->assertSame( $sessionId,
$request->response()->getCookie(
'MySessionName' ) );
488 $this->assertSame( (
string)
$user->getId(),
$request->response()->getCookie(
'xUserID' ) );
489 $this->assertSame(
$user->getName(),
$request->response()->getCookie(
'xUserName' ) );
490 $this->assertSame(
$user->getToken(),
$request->response()->getCookie(
'xToken' ) );
492 $this->assertSame(
null,
$request->response()->getCookie(
'forceHTTPS' ) );
494 $this->assertSame(
'true',
$request->response()->getCookie(
'forceHTTPS' ) );
496 $this->assertSame( [], $backend->getData() );
// Checks the full cookie data (value, expiry, flags) written by persistSession().
// $secure, $remember and $forceHTTPS are presumably supplied by a data provider.
507 'wgSecureLogin' =>
false,
508 'wgForceHTTPS' => $forceHTTPS,
513 'sessionName' =>
'MySessionName',
514 'callUserSetCookiesHook' =>
false,
515 'cookieOptions' => [
'prefix' =>
'x' ],
518 $config->set(
'CookieSecure', $secure );
519 $config->set(
'ForceHTTPS', $forceHTTPS );
521 $provider->setConfig(
$config );
524 $sessionId =
'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa';
525 $user = static::getTestSysop()->getUser();
// Guard on the fixture itself: the user's requiresHTTPS() must agree with $forceHTTPS.
526 $this->assertSame(
$user->requiresHTTPS(), $forceHTTPS,
'sanity check' );
531 'provider' => $provider,
537 new \Psr\Log\NullLogger(),
540 TestingAccessWrapper::newFromObject( $backend )->usePhpSessionHandling =
false;
541 $backend->setUser(
$user );
542 $backend->setRememberUser( $remember );
543 $backend->setForceHTTPS( $secure );
546 $provider->persistSession( $backend,
$request );
// Expected defaults: the Secure flag is expected whenever either $secure or $forceHTTPS is set,
// and HttpOnly follows the CookieHttpOnly config value.
549 'expire' => (int)100,
552 'secure' => $secure || $forceHTTPS,
553 'httpOnly' =>
$config->
get(
'CookieHttpOnly' ),
557 $normalExpiry =
$config->
get(
'CookieExpiration' );
558 $extendedExpiry =
$config->
get(
'ExtendedLoginCookieExpiration' );
// A null extended expiry is treated as 0 for the expectations below.
559 $extendedExpiry = (int)( $extendedExpiry ===
null ? 0 : $extendedExpiry );
// Per-cookie expectations; the array keys are on missing lines (presumably session, UserID,
// UserName and Token, in that order).
562 'value' => (
string)$sessionId,
566 'value' => (
string)
$user->getId(),
567 'expire' => $remember ? $extendedExpiry : $normalExpiry,
570 'value' =>
$user->getName(),
571 'expire' => $remember ? $extendedExpiry : $normalExpiry
// Without $remember the value is empty and the expiry is -31536000 (one year in seconds,
// negative), presumably so that an existing cookie is removed.
574 'value' => $remember ?
$user->getToken() :
'',
575 'expire' => $remember ? $extendedExpiry : -31536000,
// A forceHTTPS cookie is only expected when HTTPS is not already forced by configuration.
578 if ( !$forceHTTPS ) {
579 $expect[
'forceHTTPS'] = [
580 'value' => $secure ?
'true' :
'',
582 'expire' => $secure ? $remember ? $defaults[
'expire'] : 0 : -31536000,
// Positive expiry times are made relative to $time and rounded to the nearest hundred,
// so the comparison does not depend on the exact moment the cookie was set.
585 foreach ( $expect
as $key =>
$value ) {
586 $actual =
$request->response()->getCookieData( $key );
587 if ( $actual && $actual[
'expire'] > 0 ) {
589 $actual[
'expire'] = round( $actual[
'expire'] -
$time, -2 );
591 $this->assertEquals(
$value, $actual,
"Cookie $key" );
// NOTE(review): presumably a data provider; the lists passed to cartesianProduct() are not shown in this excerpt.
596 return \ArrayUtils::cartesianProduct(
// Mock response that reports headers as already sent. setCookie() and header() must never
// be called on it, so code under test may not try to emit cookies after output has started.
605 ->setMethods( [
'headersSent',
'setCookie',
'header' ] )->getMock();
606 $sentResponse->expects( $this->any() )->method(
'headersSent' )
607 ->will( $this->returnValue(
true ) );
608 $sentResponse->expects( $this->never() )->method(
'setCookie' );
609 $sentResponse->expects( $this->never() )->method(
'header' );
// Mock request whose response() always returns the headers-sent response above.
612 ->setMethods( [
'response' ] )->getMock();
613 $sentRequest->expects( $this->any() )->method(
'response' )
614 ->will( $this->returnValue( $sentResponse ) );
// persistSession() with callUserSetCookiesHook enabled. The hook handler is a mock of this
// test class; how it is registered is on lines missing from this excerpt.
621 'sessionName' =>
'MySessionName',
622 'callUserSetCookiesHook' =>
true,
623 'cookieOptions' => [
'prefix' =>
'x' ],
625 $provider->setLogger(
new \Psr\Log\NullLogger() );
626 $provider->setConfig( $this->
getConfig() );
632 $sessionId =
'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa';
634 $user = static::getTestSysop()->getUser();
640 'provider' => $provider,
646 new \Psr\Log\NullLogger(),
649 TestingAccessWrapper::newFromObject( $backend )->usePhpSessionHandling =
false;
// Anonymous user: the hook must not run even though the option is enabled.
653 ->setMethods( [
'onUserSetCookies' ] )->getMock();
654 $mock->expects( $this->never() )->method(
'onUserSetCookies' );
656 $backend->setUser( $anon );
657 $backend->setRememberUser(
true );
658 $backend->setForceHTTPS(
false );
660 $provider->persistSession( $backend,
$request );
661 $this->assertSame( $sessionId,
$request->response()->getCookie(
'MySessionName' ) );
662 $this->assertSame(
'',
$request->response()->getCookie(
'xUserID' ) );
663 $this->assertSame(
null,
$request->response()->getCookie(
'xUserName' ) );
664 $this->assertSame(
'',
$request->response()->getCookie(
'xToken' ) );
665 $this->assertSame(
'',
$request->response()->getCookie(
'forceHTTPS' ) );
666 $this->assertSame( [], $backend->getData() );
// Logged-in user: the hook runs exactly once. It receives $sessionData and $cookies by
// reference, so a handler can alter both the stored session data and the cookies sent.
671 $mock = $this->getMockBuilder( __CLASS__ )
672 ->setMethods( [
'onUserSetCookies' ] )->getMock();
673 $mock->expects( $this->once() )->method(
'onUserSetCookies' )
674 ->will( $this->returnCallback(
function ( $u, &$sessionData, &$cookies )
use (
$user ) {
675 $this->assertSame(
$user, $u );
676 $this->assertEquals( [
677 'wsUserID' =>
$user->getId(),
678 'wsUserName' =>
$user->getName(),
679 'wsToken' =>
$user->getToken(),
681 $this->assertEquals( [
682 'UserID' =>
$user->getId(),
683 'UserName' =>
$user->getName(),
// The callback adds one session-data entry and one cookie; both are checked after persistSession().
687 $sessionData[
'foo'] =
'foo!';
688 $cookies[
'bar'] =
'bar!';
692 $backend->setUser(
$user );
693 $backend->setRememberUser(
false );
694 $backend->setForceHTTPS(
false );
695 $backend->setLoggedOutTimestamp( $loggedOut = time() );
697 $provider->persistSession( $backend,
$request );
698 $this->assertSame( $sessionId,
$request->response()->getCookie(
'MySessionName' ) );
699 $this->assertSame( (
string)
$user->getId(),
$request->response()->getCookie(
'xUserID' ) );
700 $this->assertSame(
$user->getName(),
$request->response()->getCookie(
'xUserName' ) );
701 $this->assertSame(
'',
$request->response()->getCookie(
'xToken' ) );
702 $this->assertSame(
'',
$request->response()->getCookie(
'forceHTTPS' ) );
// The hook-added cookie 'bar' is emitted under the provider's prefix as 'xbar'.
703 $this->assertSame(
'bar!',
$request->response()->getCookie(
'xbar' ) );
704 $this->assertSame( (
string)$loggedOut,
$request->response()->getCookie(
'xLoggedOut' ) );
705 $this->assertEquals( [
706 'wsUserID' =>
$user->getId(),
707 'wsUserName' =>
$user->getName(),
708 'wsToken' =>
$user->getToken(),
710 ], $backend->getData() );
// Same flow with rememberUser and forceHTTPS enabled: the cookies handed to the hook now
// include the user's Token.
715 $mock = $this->getMockBuilder( __CLASS__ )
716 ->setMethods( [
'onUserSetCookies' ] )->getMock();
717 $mock->expects( $this->once() )->method(
'onUserSetCookies' )
718 ->will( $this->returnCallback(
function ( $u, &$sessionData, &$cookies )
use (
$user ) {
719 $this->assertSame(
$user, $u );
720 $this->assertEquals( [
721 'wsUserID' =>
$user->getId(),
722 'wsUserName' =>
$user->getName(),
723 'wsToken' =>
$user->getToken(),
725 $this->assertEquals( [
726 'UserID' =>
$user->getId(),
727 'UserName' =>
$user->getName(),
728 'Token' =>
$user->getToken(),
731 $sessionData[
'foo'] =
'foo 2!';
732 $cookies[
'bar'] =
'bar 2!';
736 $backend->setUser(
$user );
737 $backend->setRememberUser(
true );
738 $backend->setForceHTTPS(
true );
// A logged-out timestamp of 0 is expected to leave the xLoggedOut cookie unset (null below).
739 $backend->setLoggedOutTimestamp( 0 );
741 $provider->persistSession( $backend,
$request );
742 $this->assertSame( $sessionId,
$request->response()->getCookie(
'MySessionName' ) );
743 $this->assertSame( (
string)
$user->getId(),
$request->response()->getCookie(
'xUserID' ) );
744 $this->assertSame(
$user->getName(),
$request->response()->getCookie(
'xUserName' ) );
745 $this->assertSame(
$user->getToken(),
$request->response()->getCookie(
'xToken' ) );
746 $this->assertSame(
'true',
$request->response()->getCookie(
'forceHTTPS' ) );
747 $this->assertSame(
'bar 2!',
$request->response()->getCookie(
'xbar' ) );
748 $this->assertSame(
null,
$request->response()->getCookie(
'xLoggedOut' ) );
749 $this->assertEquals( [
750 'wsUserID' =>
$user->getId(),
751 'wsUserName' =>
$user->getName(),
752 'wsToken' =>
$user->getToken(),
754 ], $backend->getData() );
// unpersistSession(): the session, UserID, Token and forceHTTPS cookies are expected to be
// set to the empty string, while xUserName is expected to stay unset (null).
762 'sessionName' =>
'MySessionName',
763 'cookieOptions' => [
'prefix' =>
'x' ],
765 $provider->setLogger(
new \Psr\Log\NullLogger() );
766 $provider->setConfig( $this->
getConfig() );
770 $provider->unpersistSession(
$request );
771 $this->assertSame(
'',
$request->response()->getCookie(
'MySessionName' ) );
772 $this->assertSame(
'',
$request->response()->getCookie(
'xUserID' ) );
773 $this->assertSame(
null,
$request->response()->getCookie(
'xUserName' ) );
774 $this->assertSame(
'',
$request->response()->getCookie(
'xToken' ) );
775 $this->assertSame(
'',
$request->response()->getCookie(
'forceHTTPS' ) );
// setLoggedOutCookie(): when the xLoggedOut cookie is written and when it is not.
// The assignment of $t1 and the request setup for each case are on missing lines.
783 'sessionName' =>
'MySessionName',
784 'cookieOptions' => [
'prefix' =>
'x' ],
786 $provider->setLogger(
new \Psr\Log\NullLogger() );
787 $provider->setConfig( $this->
getConfig() );
// $t2 is two days in the past.
791 $t2 = time() - 86400 * 2;
// Case: $t1 is written to the cookie as a string.
795 $provider->setLoggedOutCookie( $t1,
$request );
796 $this->assertSame( (
string)$t1,
$request->response()->getCookie(
'xLoggedOut' ) );
// Case: the two-day-old timestamp results in no cookie.
800 $provider->setLoggedOutCookie( $t2,
$request );
801 $this->assertSame(
null,
$request->response()->getCookie(
'xLoggedOut' ) );
// Case: $t1 again, but no cookie is expected; the condition that differs is not shown.
808 $provider->setLoggedOutCookie( $t1,
$request );
809 $this->assertSame(
null,
$request->response()->getCookie(
'xLoggedOut' ) );
// getCookie() is reached through TestingAccessWrapper, i.e. it is not part of the public API.
// 'Foo' with prefix 'x' yields 'foo!'; 'Bar' and 'Baz' yield null (request cookies not shown).
822 'sessionName' =>
'MySessionName',
823 'cookieOptions' => [
'prefix' =>
'x' ],
825 $provider->setLogger(
new \Psr\Log\NullLogger() );
826 $provider->setConfig( $this->
getConfig() );
828 $provider = TestingAccessWrapper::newFromObject( $provider );
835 $this->assertSame(
'foo!', $provider->getCookie(
$request,
'Foo',
'x' ) );
836 $this->assertNull( $provider->getCookie(
$request,
'Bar',
'x' ) );
837 $this->assertNull( $provider->getCookie(
$request,
'Baz',
'x' ) );
// getRememberUserDuration() against three values of ExtendedLoginCookieExpiration.
843 $provider->setLogger(
new \Psr\Log\NullLogger() );
844 $provider->setConfig(
$config );
// 200 is expected first; presumably $config still holds the fixture's extended expiry of 200.
847 $this->assertSame( 200, $provider->getRememberUserDuration() );
// null: the result is 100, presumably the CookieExpiration value.
849 $config->set(
'ExtendedLoginCookieExpiration',
null );
851 $this->assertSame( 100, $provider->getRememberUserDuration() );
// 0: the duration is reported as null.
853 $config->set(
'ExtendedLoginCookieExpiration', 0 );
855 $this->assertSame(
null, $provider->getRememberUserDuration() );
// getLoginCookieExpiration( name, flag ): which cookies get the extended lifetime.
// NOTE(review): the second argument is presumably the "remember me" flag; confirm against the provider.
863 $provider->setLogger(
new \Psr\Log\NullLogger() );
864 $provider->setConfig(
$config );
// With the flag true, 'Token' gets 200 while 'User' stays at 100.
868 $this->assertSame( 200, $provider->getLoginCookieExpiration(
'Token',
true ) );
869 $this->assertSame( 100, $provider->getLoginCookieExpiration(
'User',
true ) );
// With the flag false, both names get 100.
872 $this->assertSame( 100, $provider->getLoginCookieExpiration(
'UserID',
false ) );
873 $this->assertSame( 100, $provider->getLoginCookieExpiration(
'User',
false ) );
// With ExtendedLoginCookieExpiration set to null, every combination yields 100.
875 $config->set(
'ExtendedLoginCookieExpiration',
null );
877 $this->assertSame( 100, $provider->getLoginCookieExpiration(
'Token',
true ) );
878 $this->assertSame( 100, $provider->getLoginCookieExpiration(
'User',
true ) );
880 $this->assertSame( 100, $provider->getLoginCookieExpiration(
'Token',
false ) );
881 $this->assertSame( 100, $provider->getLoginCookieExpiration(
'User',
false ) );