From a4db20fbfde6b546db36bfa655c228eb5b9efdd9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pablo=20Schl=C3=A4pfer?= <github@spam.pableu.net>
Date: Fri, 8 Dec 2017 14:05:42 +0100
Subject: [PATCH] [HttpFoundation] don't prefix cookies with "Set-Cookie:"

See symfony/symfony#25393
---
 .../Handler/AbstractSessionHandler.php        |  2 +-
 .../Fixtures/with_cookie_and_session.expected | 24 +++++++++++++++++++
 .../Fixtures/with_cookie_and_session.php      | 13 ++++++++++
 3 files changed, 38 insertions(+), 1 deletion(-)
 create mode 100644 src/Symfony/Component/HttpFoundation/Tests/Session/Storage/Handler/Fixtures/with_cookie_and_session.expected
 create mode 100644 src/Symfony/Component/HttpFoundation/Tests/Session/Storage/Handler/Fixtures/with_cookie_and_session.php

diff --git a/src/Symfony/Component/HttpFoundation/Session/Storage/Handler/AbstractSessionHandler.php b/src/Symfony/Component/HttpFoundation/Session/Storage/Handler/AbstractSessionHandler.php
index 7c6c476aac453..6ae1355816fdb 100644
--- a/src/Symfony/Component/HttpFoundation/Session/Storage/Handler/AbstractSessionHandler.php
+++ b/src/Symfony/Component/HttpFoundation/Session/Storage/Handler/AbstractSessionHandler.php
@@ -156,7 +156,7 @@ public function destroy($sessionId)
             if ($sessionCookieFound) {
                 header_remove('Set-Cookie');
                 foreach ($otherCookies as $h) {
-                    header('Set-Cookie:'.$h, false);
+                    header($h, false);
                 }
             } else {
                 setcookie($this->sessionName, '', 0, ini_get('session.cookie_path'), ini_get('session.cookie_domain'), ini_get('session.cookie_secure'), ini_get('session.cookie_httponly'));
diff --git a/src/Symfony/Component/HttpFoundation/Tests/Session/Storage/Handler/Fixtures/with_cookie_and_session.expected b/src/Symfony/Component/HttpFoundation/Tests/Session/Storage/Handler/Fixtures/with_cookie_and_session.expected
new file mode 100644
index 0000000000000..5de2d9e3904ed
--- /dev/null
+++ b/src/Symfony/Component/HttpFoundation/Tests/Session/Storage/Handler/Fixtures/with_cookie_and_session.expected
@@ -0,0 +1,24 @@
+open
+validateId
+read
+doRead: abc|i:123;
+read
+updateTimestamp
+close
+open
+validateId
+read
+doRead: abc|i:123;
+read
+
+write
+destroy
+doDestroy
+close
+Array
+(
+    [0] => Content-Type: text/plain; charset=utf-8
+    [1] => Cache-Control: max-age=10800, private, must-revalidate
+    [2] => Set-Cookie: abc=def
+)
+shutdown
diff --git a/src/Symfony/Component/HttpFoundation/Tests/Session/Storage/Handler/Fixtures/with_cookie_and_session.php b/src/Symfony/Component/HttpFoundation/Tests/Session/Storage/Handler/Fixtures/with_cookie_and_session.php
new file mode 100644
index 0000000000000..ec5119323b757
--- /dev/null
+++ b/src/Symfony/Component/HttpFoundation/Tests/Session/Storage/Handler/Fixtures/with_cookie_and_session.php
@@ -0,0 +1,13 @@
+<?php
+
+require __DIR__.'/common.inc';
+
+setcookie('abc', 'def');
+
+session_set_save_handler(new TestSessionHandler('abc|i:123;'), false);
+session_start();
+session_write_close();
+session_start();
+
+$_SESSION['abc'] = 234;
+unset($_SESSION['abc']);