symfony
diff --git a/‎src/Symfony/Component/HttpFoundation/Session/Session.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/HttpFoundation/Session/Session.php
+1-1Lines changed: 1 addition & 1 deletion b/‎src/Symfony/Component/HttpFoundation/Session/Session.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/HttpFoundation/Session/Session.php
+1-1Lines changed: 1 addition & 1 deletion
diff --git a/‎src/Symfony/Component/HttpKernel/EventListener/AbstractTestSessionListener.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/HttpKernel/EventListener/AbstractTestSessionListener.php
+4-4Lines changed: 4 additions & 4 deletions b/‎src/Symfony/Component/HttpKernel/EventListener/AbstractTestSessionListener.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/HttpKernel/EventListener/AbstractTestSessionListener.php
+4-4Lines changed: 4 additions & 4 deletions
diff --git a/‎src/Symfony/Component/HttpKernel/EventListener/SaveSessionListener.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/HttpKernel/EventListener/SaveSessionListener.php
-4Lines changed: 0 additions & 4 deletions b/‎src/Symfony/Component/HttpKernel/EventListener/SaveSessionListener.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/HttpKernel/EventListener/SaveSessionListener.php
-4Lines changed: 0 additions & 4 deletions
diff --git a/‎src/Symfony/Component/HttpKernel/EventListener/SessionListener.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/HttpKernel/EventListener/SessionListener.php
+47Lines changed: 47 additions & 0 deletions b/‎src/Symfony/Component/HttpKernel/EventListener/SessionListener.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/HttpKernel/EventListener/SessionListener.php
+47Lines changed: 47 additions & 0 deletions
diff --git a/‎src/Symfony/Component/HttpKernel/Tests/EventListener/SaveSessionListenerTest.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/HttpKernel/Tests/EventListener/SaveSessionListenerTest.php
+1-5Lines changed: 1 addition & 5 deletions b/‎src/Symfony/Component/HttpKernel/Tests/EventListener/SaveSessionListenerTest.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/HttpKernel/Tests/EventListener/SaveSessionListenerTest.php
+1-5Lines changed: 1 addition & 5 deletions
diff --git a/‎src/Symfony/Component/HttpKernel/Tests/EventListener/SessionListenerTest.php
Copy file name to clipboard
+78Lines changed: 78 additions & 0 deletions b/‎src/Symfony/Component/HttpKernel/Tests/EventListener/SessionListenerTest.php
Copy file name to clipboard
+78Lines changed: 78 additions & 0 deletions
@@ -257,6 +257,6 @@ public function getFlashBag()
      */
     private function getAttributeBag()
     {
-        return $this->storage->getBag($this->attributeName)->getBag();
+        return $this->getBag($this->attributeName);
     }
 }
@@ -61,10 +61,10 @@ public function onKernelResponse(FilterResponseEvent $event)
         $session = $event->getRequest()->getSession();
         if ($session && $session->isStarted()) {
             $session->save();
-            if (!$session instanceof Session || !\method_exists($session, 'isEmpty') || !$session->isEmpty()) {
-                $params = session_get_cookie_params();
-                $event->getResponse()->headers->setCookie(new Cookie($session->getName(), $session->getId(), 0 === $params['lifetime'] ? 0 : time() + $params['lifetime'], $params['path'], $params['domain'], $params['secure'], $params['httponly']));
-            }
+        }
+        if ($session && ($session instanceof Session && \method_exists($session, 'isEmpty') ? !$session->isEmpty() : $session->isStarted())) {
+            $params = session_get_cookie_params();
+            $event->getResponse()->headers->setCookie(new Cookie($session->getName(), $session->getId(), 0 === $params['lifetime'] ? 0 : time() + $params['lifetime'], $params['path'], $params['domain'], $params['secure'], $params['httponly']));
         }
     }
 
 
@@ -53,10 +53,6 @@ public function onKernelResponse(FilterResponseEvent $event)
         $session = $event->getRequest()->getSession();
         if ($session && $session->isStarted()) {
             $session->save();
-            $event->getResponse()
-                ->setPrivate()
-                ->setMaxAge(0)
-                ->headers->addCacheControlDirective('must-revalidate');
         }
     }
 
 
@@ -12,6 +12,10 @@
 namespace Symfony\Component\HttpKernel\EventListener;
 
 use Psr\Container\ContainerInterface;
+use Symfony\Component\HttpFoundation\Session\Session;
+use Symfony\Component\HttpFoundation\Session\Storage\NativeSessionStorage;
+use Symfony\Component\HttpKernel\Event\FilterResponseEvent;
+use Symfony\Component\HttpKernel\KernelEvents;
 
 /**
  * Sets the session in the request.
@@ -29,6 +33,41 @@ public function __construct(ContainerInterface $container)
         $this->container = $container;
     }
 
+    public function onKernelResponse(FilterResponseEvent $event)
+    {
+        if (!$event->isMasterRequest()) {
+            return;
+        }
+
+        if (!$session = $event->getRequest()->getSession()) {
+            return;
+        }
+
+        $sessionHasStarted = $session->isStarted();
+        if (!$sessionHasStarted && $session instanceof Session) {
+            if (\method_exists($session, 'isEmpty') && !$session->isEmpty()) {
+                $sessionHasStarted = true;
+            } else {
+                // Session::$storage and NativeSessionStorage::$closed are protected, thus are part of the BC promise.
+                // Read them to check if the session has been closed (note that they can be made public by inheritance.)
+                $session = (array) $session;
+                $storage = isset($session["\0*\0storage"]) ? $session["\0*\0storage"] : $session['storage'];
+
+                if ($storage instanceof NativeSessionStorage) {
+                    $storage = (array) $storage;
+                    $sessionHasStarted = isset($storage["\0*\0closed"]) ? $storage["\0*\0closed"] : $storage['closed'];
+                }
+            }
+        }
+
+        if ($sessionHasStarted) {
+            $event->getResponse()
+                ->setPrivate()
+                ->setMaxAge(0)
+                ->headers->addCacheControlDirective('must-revalidate');
+        }
+    }
+
     protected function getSession()
     {
         if (!$this->container->has('session')) {
@@ -37,4 +76,12 @@ protected function getSession()
 
         return $this->container->get('session');
     }
+
+    public static function getSubscribedEvents()
+    {
+        return parent::getSubscribedEvents() + array(
+            // low priority to come after regular response listeners
+            KernelEvents::RESPONSE => array(array('onKernelResponse', -1000)),
+        );
+    }
 }
@@ -32,7 +32,7 @@ public function testOnlyTriggeredOnMasterRequest()
         $listener->onKernelResponse($event);
     }
 
-    public function testSessionSavedAndResponsePrivate()
+    public function testSessionSaved()
     {
         $listener = new SaveSessionListener();
         $kernel = $this->getMockBuilder(HttpKernelInterface::class)->disableOriginalConstructor()->getMock();
@@ -45,9 +45,5 @@ public function testSessionSavedAndResponsePrivate()
         $request->setSession($session);
         $response = new Response();
         $listener->onKernelResponse(new FilterResponseEvent($kernel, $request, HttpKernelInterface::MASTER_REQUEST, $response));
-
-        $this->assertTrue($response->headers->hasCacheControlDirective('private'));
-        $this->assertTrue($response->headers->hasCacheControlDirective('must-revalidate'));
-        $this->assertSame('0', $response->headers->getCacheControlDirective('max-age'));
     }
 }
@@ -0,0 +1,78 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\HttpKernel\Tests\EventListener;
+
+use PHPUnit\Framework\TestCase;
+use Symfony\Component\DependencyInjection\Container;
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpFoundation\Response;
+use Symfony\Component\HttpFoundation\Session\Session;
+use Symfony\Component\HttpKernel\Event\GetResponseEvent;
+use Symfony\Component\HttpKernel\Event\FilterResponseEvent;
+use Symfony\Component\HttpKernel\EventListener\AbstractSessionListener;
+use Symfony\Component\HttpKernel\EventListener\SessionListener;
+use Symfony\Component\HttpKernel\HttpKernelInterface;
+
+class SessionListenerTest extends TestCase
+{
+    public function testOnlyTriggeredOnMasterRequest()
+    {
+        $listener = $this->getMockForAbstractClass(AbstractSessionListener::class);
+        $event = $this->getMockBuilder(GetResponseEvent::class)->disableOriginalConstructor()->getMock();
+        $event->expects($this->once())->method('isMasterRequest')->willReturn(false);
+        $event->expects($this->never())->method('getRequest');
+
+        // sub request
+        $listener->onKernelRequest($event);
+    }
+
+    public function testSessionIsSet()
+    {
+        $session = $this->getMockBuilder(Session::class)->disableOriginalConstructor()->getMock();
+
+        $container = new Container();
+        $container->set('session', $session);
+
+        $request = new Request();
+        $listener = new SessionListener($container);
+
+        $event = $this->getMockBuilder(GetResponseEvent::class)->disableOriginalConstructor()->getMock();
+        $event->expects($this->once())->method('isMasterRequest')->willReturn(true);
+        $event->expects($this->once())->method('getRequest')->willReturn($request);
+
+        $listener->onKernelRequest($event);
+
+        $this->assertTrue($request->hasSession());
+        $this->assertSame($session, $request->getSession());
+    }
+
+    public function testResponseIsPrivate()
+    {
+        $session = $this->getMockBuilder(Session::class)->disableOriginalConstructor()->getMock();
+        $session->expects($this->once())->method('isStarted')->willReturn(true);
+
+        $container = new Container();
+        $container->set('session', $session);
+
+        $listener = new SessionListener($container);
+        $kernel = $this->getMockBuilder(HttpKernelInterface::class)->disableOriginalConstructor()->getMock();
+
+        $request = new Request();
+        $response = new Response();
+        $listener->onKernelRequest(new GetResponseEvent($kernel, $request, HttpKernelInterface::MASTER_REQUEST));
+        $listener->onKernelResponse(new FilterResponseEvent($kernel, $request, HttpKernelInterface::MASTER_REQUEST, $response));
+
+        $this->assertTrue($response->headers->hasCacheControlDirective('private'));
+        $this->assertTrue($response->headers->hasCacheControlDirective('must-revalidate'));
+        $this->assertSame('0', $response->headers->getCacheControlDirective('max-age'));
+    }
+}
Original file line number	Diff line number	Diff line change
`@@ -257,6 +257,6 @@ public function getFlashBag()`
`257`	`257`	`*/`
`258`	`258`	`private function getAttributeBag()`
`259`	`259`	`{`
`260`		`- return $this->storage->getBag($this->attributeName)->getBag();`
	`260`	`+ return $this->getBag($this->attributeName);`
`261`	`261`	`}`
`262`	`262`	`}`
Original file line number	Diff line number	Diff line change
`@@ -53,10 +53,6 @@ public function onKernelResponse(FilterResponseEvent $event)`
`53`	`53`	`$session = $event->getRequest()->getSession();`
`54`	`54`	`if ($session && $session->isStarted()) {`
`55`	`55`	`$session->save();`
`56`		`- $event->getResponse()`
`57`		`- ->setPrivate()`
`58`		`- ->setMaxAge(0)`
`59`		`- ->headers->addCacheControlDirective('must-revalidate');`
`60`	`56`	`}`
`61`	`57`	`}`
`62`	`58`
Original file line number	Diff line number	Diff line change
`@@ -32,7 +32,7 @@ public function testOnlyTriggeredOnMasterRequest()`
`32`	`32`	`$listener->onKernelResponse($event);`
`33`	`33`	`}`
`34`	`34`
`35`		`- public function testSessionSavedAndResponsePrivate()`
	`35`	`+ public function testSessionSaved()`
`36`	`36`	`{`
`37`	`37`	`$listener = new SaveSessionListener();`
`38`	`38`	`$kernel = $this->getMockBuilder(HttpKernelInterface::class)->disableOriginalConstructor()->getMock();`
`@@ -45,9 +45,5 @@ public function testSessionSavedAndResponsePrivate()`
`45`	`45`	`$request->setSession($session);`
`46`	`46`	`$response = new Response();`
`47`	`47`	`$listener->onKernelResponse(new FilterResponseEvent($kernel, $request, HttpKernelInterface::MASTER_REQUEST, $response));`
`48`		`-`
`49`		`- $this->assertTrue($response->headers->hasCacheControlDirective('private'));`
`50`		`- $this->assertTrue($response->headers->hasCacheControlDirective('must-revalidate'));`
`51`		`- $this->assertSame('0', $response->headers->getCacheControlDirective('max-age'));`
`52`	`48`	`}`
`53`	`49`	`}`