Fix tests.

src/Http/Middleware/SessionCsrfProtectionMiddleware.php

@@ -287,6 +287,6 @@ class SessionCsrfProtectionMiddleware implements MiddlewareInterface
         $token = $middleware->createToken();
         $request->getSession()->write($key, $token);
 
-        return $request->withAttribute('csrfToken', $middleware->saltToken($token));
+        return $request->withAttribute($key, $middleware->saltToken($token));
     }
 }

tests/TestCase/Http/Middleware/SessionCsrfProtectionMiddlewareTest.php

@@ -423,14 +423,16 @@ class SessionCsrfProtectionMiddlewareTest extends TestCase
             'url' => '/articles/',
         ]);
         $updated = SessionCsrfProtectionMiddleware::replaceToken($request);
+        $this->assertNotSame($request, $updated);
+
         $session = $updated->getSession()->read('csrfToken');
         $this->assertNotEmpty($session);
-
         $attribute = $updated->getAttribute('csrfToken');
         $this->assertNotEmpty($attribute);
         $this->assertNotEquals($session, $attribute, 'Should not be equal because of salting');
 
         $updated = SessionCsrfProtectionMiddleware::replaceToken($request, 'custom-key');
+        $this->assertNotSame($request, $updated);
         $this->assertNotEmpty($updated->getSession()->read('custom-key'));
         $this->assertNotEmpty($updated->getAttribute('custom-key'));
     }