Test session id cycling on webfront login

Uninett · Feb 23, 2024 · ce92ff7 · ce92ff7
1 parent deba0a1
commit ce92ff7
Showing 1 changed file with 12 additions and 0 deletions.
diff --git a/tests/integration/web/webfront_test.py b/tests/integration/web/webfront_test.py
@@ -66,3 +66,15 @@ def test_set_default_dashboard_with_multiple_previous_defaults_should_succeed(
         AccountDashboard.objects.filter(account=admin_account, is_default=True).count()
         == 1
     )
+
+
+def test_session_id_is_changed_after_logging_in(db, client, admin_account):
+    login_url = reverse('webfront-login')
+    # make sure we have a session ID we can use for comparison
+    assert client.session.session_key
+    session_id_pre_login = client.session.session_key
+    client.post(
+        login_url, {'username': admin_account.login, 'password': admin_account.password}
+    )
+    session_id_post_login = client.session.session_key
+    assert session_id_post_login != session_id_pre_login