scs/session_test.go

package scs

import (
	"fmt"
	"io/ioutil"
	"net/http"
	"net/http/cookiejar"
	"net/http/httptest"
	"strings"
	"testing"
	"time"
)

type testServer struct {
	*httptest.Server
}

func newTestServer(t *testing.T, h http.Handler) *testServer {
	ts := httptest.NewTLSServer(h)

	jar, err := cookiejar.New(nil)
	if err != nil {
		t.Fatal(err)
	}
	ts.Client().Jar = jar

	ts.Client().CheckRedirect = func(req *http.Request, via []*http.Request) error {
		return http.ErrUseLastResponse
	}

	return &testServer{ts}
}

func (ts *testServer) execute(t *testing.T, urlPath string) (http.Header, string) {
	rs, err := ts.Client().Get(ts.URL + urlPath)
	if err != nil {
		t.Fatal(err)
	}

	defer rs.Body.Close()
	body, err := ioutil.ReadAll(rs.Body)
	if err != nil {
		t.Fatal(err)
	}

	return rs.Header, string(body)
}

func extractTokenFromCookie(c string) string {
	parts := strings.Split(c, ";")
	return strings.SplitN(parts[0], "=", 2)[1]
}

func TestEnable(t *testing.T) {
	sessionManager := New()

	mux := http.NewServeMux()
	mux.HandleFunc("/put", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		sessionManager.Put(r.Context(), "foo", "bar")
	}))
	mux.HandleFunc("/get", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		s := sessionManager.Get(r.Context(), "foo").(string)
		w.Write([]byte(s))
	}))

	ts := newTestServer(t, sessionManager.LoadAndSave(mux))
	defer ts.Close()

	header, _ := ts.execute(t, "/put")
	token1 := extractTokenFromCookie(header.Get("Set-Cookie"))

	header, body := ts.execute(t, "/get")
	if body != "bar" {
		t.Errorf("want %q; got %q", "bar", body)
	}
	if header.Get("Set-Cookie") != "" {
		t.Errorf("want %q; got %q", "", header.Get("Set-Cookie"))
	}

	header, _ = ts.execute(t, "/put")
	token2 := extractTokenFromCookie(header.Get("Set-Cookie"))
	if token1 != token2 {
		t.Error("want tokens to be the same")
	}
}

func TestLifetime(t *testing.T) {
	sessionManager := New()
	sessionManager.Lifetime = 500 * time.Millisecond

	mux := http.NewServeMux()
	mux.HandleFunc("/put", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		sessionManager.Put(r.Context(), "foo", "bar")
	}))
	mux.HandleFunc("/get", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		v := sessionManager.Get(r.Context(), "foo")
		if v == nil {
			http.Error(w, "foo does not exist in session", 500)
			return
		}
		w.Write([]byte(v.(string)))
	}))

	ts := newTestServer(t, sessionManager.LoadAndSave(mux))
	defer ts.Close()

	ts.execute(t, "/put")

	_, body := ts.execute(t, "/get")
	if body != "bar" {
		t.Errorf("want %q; got %q", "bar", body)
	}
	time.Sleep(time.Second)

	_, body = ts.execute(t, "/get")
	if body != "foo does not exist in session\n" {
		t.Errorf("want %q; got %q", "foo does not exist in session\n", body)
	}
}

func TestIdleTimeout(t *testing.T) {
	sessionManager := New()
	sessionManager.IdleTimeout = 200 * time.Millisecond
	sessionManager.Lifetime = time.Second

	mux := http.NewServeMux()
	mux.HandleFunc("/put", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		sessionManager.Put(r.Context(), "foo", "bar")
	}))
	mux.HandleFunc("/get", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		v := sessionManager.Get(r.Context(), "foo")
		if v == nil {
			http.Error(w, "foo does not exist in session", 500)
			return
		}
		w.Write([]byte(v.(string)))
	}))

	ts := newTestServer(t, sessionManager.LoadAndSave(mux))
	defer ts.Close()

	ts.execute(t, "/put")

	time.Sleep(100 * time.Millisecond)
	ts.execute(t, "/get")

	time.Sleep(150 * time.Millisecond)
	_, body := ts.execute(t, "/get")
	if body != "bar" {
		t.Errorf("want %q; got %q", "bar", body)
	}

	time.Sleep(200 * time.Millisecond)
	_, body = ts.execute(t, "/get")
	if body != "foo does not exist in session\n" {
		t.Errorf("want %q; got %q", "foo does not exist in session\n", body)
	}
}

func TestDestroy(t *testing.T) {
	sessionManager := New()

	mux := http.NewServeMux()
	mux.HandleFunc("/put", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		sessionManager.Put(r.Context(), "foo", "bar")
	}))
	mux.HandleFunc("/destroy", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		err := sessionManager.Destroy(r.Context())
		if err != nil {
			http.Error(w, err.Error(), 500)
			return
		}
	}))
	mux.HandleFunc("/get", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		v := sessionManager.Get(r.Context(), "foo")
		if v == nil {
			http.Error(w, "foo does not exist in session", 500)
			return
		}
		w.Write([]byte(v.(string)))
	}))

	ts := newTestServer(t, sessionManager.LoadAndSave(mux))
	defer ts.Close()

	ts.execute(t, "/put")
	header, _ := ts.execute(t, "/destroy")
	cookie := header.Get("Set-Cookie")

	if strings.HasPrefix(cookie, fmt.Sprintf("%s=;", sessionManager.Cookie.Name)) == false {
		t.Fatalf("got %q: expected prefix %q", cookie, fmt.Sprintf("%s=;", sessionManager.Cookie.Name))
	}
	if strings.Contains(cookie, "Expires=Thu, 01 Jan 1970 00:00:01 GMT") == false {
		t.Fatalf("got %q: expected to contain %q", cookie, "Expires=Thu, 01 Jan 1970 00:00:01 GMT")
	}
	if strings.Contains(cookie, "Max-Age=0") == false {
		t.Fatalf("got %q: expected to contain %q", cookie, "Max-Age=0")
	}

	_, body := ts.execute(t, "/get")
	if body != "foo does not exist in session\n" {
		t.Errorf("want %q; got %q", "foo does not exist in session\n", body)
	}
}

func TestRenewToken(t *testing.T) {
	sessionManager := New()

	mux := http.NewServeMux()
	mux.HandleFunc("/put", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		sessionManager.Put(r.Context(), "foo", "bar")
	}))
	mux.HandleFunc("/renew", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		err := sessionManager.RenewToken(r.Context())
		if err != nil {
			http.Error(w, err.Error(), 500)
			return
		}
	}))
	mux.HandleFunc("/get", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		v := sessionManager.Get(r.Context(), "foo")
		if v == nil {
			http.Error(w, "foo does not exist in session", 500)
			return
		}
		w.Write([]byte(v.(string)))
	}))

	ts := newTestServer(t, sessionManager.LoadAndSave(mux))
	defer ts.Close()

	header, _ := ts.execute(t, "/put")
	cookie := header.Get("Set-Cookie")
	originalToken := extractTokenFromCookie(cookie)

	header, _ = ts.execute(t, "/renew")
	cookie = header.Get("Set-Cookie")
	newToken := extractTokenFromCookie(cookie)

	if newToken == originalToken {
		t.Fatal("token has not changed")
	}

	header, body := ts.execute(t, "/get")
	if body != "bar" {
		t.Errorf("want %q; got %q", "bar", body)
	}
}
[refactor] Deprecate Middleware 2017-08-31 17:20:58 +02:00			`package scs`

			`import (`
			`"fmt"`
Merge v2 changes 2019-04-28 07:30:35 +02:00			`"io/ioutil"`
[refactor] Deprecate Middleware 2017-08-31 17:20:58 +02:00			`"net/http"`
Merge v2 changes 2019-04-28 07:30:35 +02:00			`"net/http/cookiejar"`
			`"net/http/httptest"`
[refactor] Deprecate Middleware 2017-08-31 17:20:58 +02:00			`"strings"`
			`"testing"`
Merge v2 changes 2019-04-28 07:30:35 +02:00			`"time"`
[refactor] Deprecate Middleware 2017-08-31 17:20:58 +02:00			`)`

Merge v2 changes 2019-04-28 07:30:35 +02:00			`type testServer struct {`
			`*httptest.Server`
[refactor] Deprecate Middleware 2017-08-31 17:20:58 +02:00			`}`

Merge v2 changes 2019-04-28 07:30:35 +02:00			`func newTestServer(t testing.T, h http.Handler) testServer {`
			`ts := httptest.NewTLSServer(h)`
[refactor] Deprecate Middleware 2017-08-31 17:20:58 +02:00
Merge v2 changes 2019-04-28 07:30:35 +02:00			`jar, err := cookiejar.New(nil)`
[refactor] Deprecate Middleware 2017-08-31 17:20:58 +02:00			`if err != nil {`
			`t.Fatal(err)`
			`}`
Merge v2 changes 2019-04-28 07:30:35 +02:00			`ts.Client().Jar = jar`
[refactor] Deprecate Middleware 2017-08-31 17:20:58 +02:00
Merge v2 changes 2019-04-28 07:30:35 +02:00			`ts.Client().CheckRedirect = func(req http.Request, via []http.Request) error {`
			`return http.ErrUseLastResponse`
[refactor] Deprecate Middleware 2017-08-31 17:20:58 +02:00			`}`

Merge v2 changes 2019-04-28 07:30:35 +02:00			`return &testServer{ts}`
[refactor] Deprecate Middleware 2017-08-31 17:20:58 +02:00			`}`

Merge v2 changes 2019-04-28 07:30:35 +02:00			`func (ts testServer) execute(t testing.T, urlPath string) (http.Header, string) {`
			`rs, err := ts.Client().Get(ts.URL + urlPath)`
			`if err != nil {`
			`t.Fatal(err)`
[refactor] Deprecate Middleware 2017-08-31 17:20:58 +02:00			`}`

Merge v2 changes 2019-04-28 07:30:35 +02:00			`defer rs.Body.Close()`
			`body, err := ioutil.ReadAll(rs.Body)`
			`if err != nil {`
			`t.Fatal(err)`
[refactor] Deprecate Middleware 2017-08-31 17:20:58 +02:00			`}`

Merge v2 changes 2019-04-28 07:30:35 +02:00			`return rs.Header, string(body)`
			`}`
[refactor] Deprecate Middleware 2017-08-31 17:20:58 +02:00
Merge v2 changes 2019-04-28 07:30:35 +02:00			`func extractTokenFromCookie(c string) string {`
			`parts := strings.Split(c, ";")`
			`return strings.SplitN(parts[0], "=", 2)[1]`
[refactor] Deprecate Middleware 2017-08-31 17:20:58 +02:00			`}`

Merge v2 changes 2019-04-28 07:30:35 +02:00			`func TestEnable(t *testing.T) {`
Alias Session to SessionManager and NewSession to New 2019-06-18 12:49:37 +02:00			`sessionManager := New()`
[refactor] Deprecate Middleware 2017-08-31 17:20:58 +02:00
Merge v2 changes 2019-04-28 07:30:35 +02:00			`mux := http.NewServeMux()`
			`mux.HandleFunc("/put", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {`
Alias Session to SessionManager and NewSession to New 2019-06-18 12:49:37 +02:00			`sessionManager.Put(r.Context(), "foo", "bar")`
Merge v2 changes 2019-04-28 07:30:35 +02:00			`}))`
			`mux.HandleFunc("/get", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {`
Alias Session to SessionManager and NewSession to New 2019-06-18 12:49:37 +02:00			`s := sessionManager.Get(r.Context(), "foo").(string)`
Merge v2 changes 2019-04-28 07:30:35 +02:00			`w.Write([]byte(s))`
			`}))`
[refactor] Deprecate Middleware 2017-08-31 17:20:58 +02:00
Alias Session to SessionManager and NewSession to New 2019-06-18 12:49:37 +02:00			`ts := newTestServer(t, sessionManager.LoadAndSave(mux))`
Merge v2 changes 2019-04-28 07:30:35 +02:00			`defer ts.Close()`
[refactor] Deprecate Middleware 2017-08-31 17:20:58 +02:00
Merge v2 changes 2019-04-28 07:30:35 +02:00			`header, _ := ts.execute(t, "/put")`
			`token1 := extractTokenFromCookie(header.Get("Set-Cookie"))`
[refactor] Deprecate Middleware 2017-08-31 17:20:58 +02:00
Merge v2 changes 2019-04-28 07:30:35 +02:00			`header, body := ts.execute(t, "/get")`
			`if body != "bar" {`
			`t.Errorf("want %q; got %q", "bar", body)`
[refactor] Deprecate Middleware 2017-08-31 17:20:58 +02:00			`}`
Merge v2 changes 2019-04-28 07:30:35 +02:00			`if header.Get("Set-Cookie") != "" {`
			`t.Errorf("want %q; got %q", "", header.Get("Set-Cookie"))`
[refactor] Deprecate Middleware 2017-08-31 17:20:58 +02:00			`}`

Merge v2 changes 2019-04-28 07:30:35 +02:00			`header, _ = ts.execute(t, "/put")`
			`token2 := extractTokenFromCookie(header.Get("Set-Cookie"))`
			`if token1 != token2 {`
			`t.Error("want tokens to be the same")`
[refactor] Deprecate Middleware 2017-08-31 17:20:58 +02:00			`}`
			`}`

Merge v2 changes 2019-04-28 07:30:35 +02:00			`func TestLifetime(t *testing.T) {`
Alias Session to SessionManager and NewSession to New 2019-06-18 12:49:37 +02:00			`sessionManager := New()`
			`sessionManager.Lifetime = 500 * time.Millisecond`
[refactor] Deprecate Middleware 2017-08-31 17:20:58 +02:00
Merge v2 changes 2019-04-28 07:30:35 +02:00			`mux := http.NewServeMux()`
			`mux.HandleFunc("/put", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {`
Alias Session to SessionManager and NewSession to New 2019-06-18 12:49:37 +02:00			`sessionManager.Put(r.Context(), "foo", "bar")`
Merge v2 changes 2019-04-28 07:30:35 +02:00			`}))`
			`mux.HandleFunc("/get", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {`
Alias Session to SessionManager and NewSession to New 2019-06-18 12:49:37 +02:00			`v := sessionManager.Get(r.Context(), "foo")`
Merge v2 changes 2019-04-28 07:30:35 +02:00			`if v == nil {`
			`http.Error(w, "foo does not exist in session", 500)`
			`return`
			`}`
			`w.Write([]byte(v.(string)))`
			`}))`
[refactor] Deprecate Middleware 2017-08-31 17:20:58 +02:00
Alias Session to SessionManager and NewSession to New 2019-06-18 12:49:37 +02:00			`ts := newTestServer(t, sessionManager.LoadAndSave(mux))`
Merge v2 changes 2019-04-28 07:30:35 +02:00			`defer ts.Close()`
[refactor] Deprecate Middleware 2017-08-31 17:20:58 +02:00
Merge v2 changes 2019-04-28 07:30:35 +02:00			`ts.execute(t, "/put")`
[refactor] Deprecate Middleware 2017-08-31 17:20:58 +02:00
Merge v2 changes 2019-04-28 07:30:35 +02:00			`_, body := ts.execute(t, "/get")`
			`if body != "bar" {`
			`t.Errorf("want %q; got %q", "bar", body)`
[refactor] Deprecate Middleware 2017-08-31 17:20:58 +02:00			`}`
Merge v2 changes 2019-04-28 07:30:35 +02:00			`time.Sleep(time.Second)`
[refactor] Deprecate Middleware 2017-08-31 17:20:58 +02:00
Merge v2 changes 2019-04-28 07:30:35 +02:00			`_, body = ts.execute(t, "/get")`
			`if body != "foo does not exist in session\n" {`
			`t.Errorf("want %q; got %q", "foo does not exist in session\n", body)`
[refactor] Deprecate Middleware 2017-08-31 17:20:58 +02:00			`}`
			`}`

Merge v2 changes 2019-04-28 07:30:35 +02:00			`func TestIdleTimeout(t *testing.T) {`
Alias Session to SessionManager and NewSession to New 2019-06-18 12:49:37 +02:00			`sessionManager := New()`
			`sessionManager.IdleTimeout = 200 * time.Millisecond`
			`sessionManager.Lifetime = time.Second`
[refactor] Deprecate Middleware 2017-08-31 17:20:58 +02:00
Merge v2 changes 2019-04-28 07:30:35 +02:00			`mux := http.NewServeMux()`
			`mux.HandleFunc("/put", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {`
Alias Session to SessionManager and NewSession to New 2019-06-18 12:49:37 +02:00			`sessionManager.Put(r.Context(), "foo", "bar")`
Merge v2 changes 2019-04-28 07:30:35 +02:00			`}))`
			`mux.HandleFunc("/get", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {`
Alias Session to SessionManager and NewSession to New 2019-06-18 12:49:37 +02:00			`v := sessionManager.Get(r.Context(), "foo")`
Merge v2 changes 2019-04-28 07:30:35 +02:00			`if v == nil {`
			`http.Error(w, "foo does not exist in session", 500)`
			`return`
			`}`
			`w.Write([]byte(v.(string)))`
			`}))`
[refactor] Deprecate Middleware 2017-08-31 17:20:58 +02:00
Alias Session to SessionManager and NewSession to New 2019-06-18 12:49:37 +02:00			`ts := newTestServer(t, sessionManager.LoadAndSave(mux))`
Merge v2 changes 2019-04-28 07:30:35 +02:00			`defer ts.Close()`
[refactor] Deprecate Middleware 2017-08-31 17:20:58 +02:00
Merge v2 changes 2019-04-28 07:30:35 +02:00			`ts.execute(t, "/put")`
[refactor] Deprecate Middleware 2017-08-31 17:20:58 +02:00
Merge v2 changes 2019-04-28 07:30:35 +02:00			`time.Sleep(100 * time.Millisecond)`
			`ts.execute(t, "/get")`
[refactor] Deprecate Middleware 2017-08-31 17:20:58 +02:00
Merge v2 changes 2019-04-28 07:30:35 +02:00			`time.Sleep(150 * time.Millisecond)`
			`_, body := ts.execute(t, "/get")`
			`if body != "bar" {`
			`t.Errorf("want %q; got %q", "bar", body)`
[refactor] Deprecate Middleware 2017-08-31 17:20:58 +02:00			`}`

Merge v2 changes 2019-04-28 07:30:35 +02:00			`time.Sleep(200 * time.Millisecond)`
			`_, body = ts.execute(t, "/get")`
			`if body != "foo does not exist in session\n" {`
			`t.Errorf("want %q; got %q", "foo does not exist in session\n", body)`
[refactor] Deprecate Middleware 2017-08-31 17:20:58 +02:00			`}`
			`}`
[feature] Support multiple sessions 2017-10-07 19:03:35 +02:00
Merge v2 changes 2019-04-28 07:30:35 +02:00			`func TestDestroy(t *testing.T) {`
Alias Session to SessionManager and NewSession to New 2019-06-18 12:49:37 +02:00			`sessionManager := New()`
Merge v2 changes 2019-04-28 07:30:35 +02:00
			`mux := http.NewServeMux()`
			`mux.HandleFunc("/put", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {`
Alias Session to SessionManager and NewSession to New 2019-06-18 12:49:37 +02:00			`sessionManager.Put(r.Context(), "foo", "bar")`
Merge v2 changes 2019-04-28 07:30:35 +02:00			`}))`
			`mux.HandleFunc("/destroy", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {`
Alias Session to SessionManager and NewSession to New 2019-06-18 12:49:37 +02:00			`err := sessionManager.Destroy(r.Context())`
Merge v2 changes 2019-04-28 07:30:35 +02:00			`if err != nil {`
			`http.Error(w, err.Error(), 500)`
			`return`
			`}`
			`}))`
			`mux.HandleFunc("/get", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {`
Alias Session to SessionManager and NewSession to New 2019-06-18 12:49:37 +02:00			`v := sessionManager.Get(r.Context(), "foo")`
Merge v2 changes 2019-04-28 07:30:35 +02:00			`if v == nil {`
			`http.Error(w, "foo does not exist in session", 500)`
			`return`
			`}`
			`w.Write([]byte(v.(string)))`
			`}))`

Alias Session to SessionManager and NewSession to New 2019-06-18 12:49:37 +02:00			`ts := newTestServer(t, sessionManager.LoadAndSave(mux))`
Merge v2 changes 2019-04-28 07:30:35 +02:00			`defer ts.Close()`

			`ts.execute(t, "/put")`
			`header, _ := ts.execute(t, "/destroy")`
			`cookie := header.Get("Set-Cookie")`

Alias Session to SessionManager and NewSession to New 2019-06-18 12:49:37 +02:00			`if strings.HasPrefix(cookie, fmt.Sprintf("%s=;", sessionManager.Cookie.Name)) == false {`
			`t.Fatalf("got %q: expected prefix %q", cookie, fmt.Sprintf("%s=;", sessionManager.Cookie.Name))`
[feature] Support multiple sessions 2017-10-07 19:03:35 +02:00			`}`
Merge v2 changes 2019-04-28 07:30:35 +02:00			`if strings.Contains(cookie, "Expires=Thu, 01 Jan 1970 00:00:01 GMT") == false {`
			`t.Fatalf("got %q: expected to contain %q", cookie, "Expires=Thu, 01 Jan 1970 00:00:01 GMT")`
[feature] Support multiple sessions 2017-10-07 19:03:35 +02:00			`}`
Merge v2 changes 2019-04-28 07:30:35 +02:00			`if strings.Contains(cookie, "Max-Age=0") == false {`
			`t.Fatalf("got %q: expected to contain %q", cookie, "Max-Age=0")`
[feature] Support multiple sessions 2017-10-07 19:03:35 +02:00			`}`

Merge v2 changes 2019-04-28 07:30:35 +02:00			`_, body := ts.execute(t, "/get")`
			`if body != "foo does not exist in session\n" {`
			`t.Errorf("want %q; got %q", "foo does not exist in session\n", body)`
[feature] Support multiple sessions 2017-10-07 19:03:35 +02:00			`}`
			`}`
Improve test coverage 2019-06-21 13:35:08 +02:00
			`func TestRenewToken(t *testing.T) {`
			`sessionManager := New()`

			`mux := http.NewServeMux()`
			`mux.HandleFunc("/put", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {`
			`sessionManager.Put(r.Context(), "foo", "bar")`
			`}))`
			`mux.HandleFunc("/renew", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {`
			`err := sessionManager.RenewToken(r.Context())`
			`if err != nil {`
			`http.Error(w, err.Error(), 500)`
			`return`
			`}`
			`}))`
			`mux.HandleFunc("/get", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {`
			`v := sessionManager.Get(r.Context(), "foo")`
			`if v == nil {`
			`http.Error(w, "foo does not exist in session", 500)`
			`return`
			`}`
			`w.Write([]byte(v.(string)))`
			`}))`

			`ts := newTestServer(t, sessionManager.LoadAndSave(mux))`
			`defer ts.Close()`

			`header, _ := ts.execute(t, "/put")`
			`cookie := header.Get("Set-Cookie")`
			`originalToken := extractTokenFromCookie(cookie)`

			`header, _ = ts.execute(t, "/renew")`
			`cookie = header.Get("Set-Cookie")`
			`newToken := extractTokenFromCookie(cookie)`

			`if newToken == originalToken {`
			`t.Fatal("token has not changed")`
			`}`

			`header, body := ts.execute(t, "/get")`
			`if body != "bar" {`
			`t.Errorf("want %q; got %q", "bar", body)`
			`}`
			`}`