From e89eb3af9339d350a8f071e7166cb2cbaf76022c Mon Sep 17 00:00:00 2001
From: Alexander Schranz <alexander@sulu.io>
Date: Thu, 16 Dec 2021 02:19:41 +0100
Subject: [PATCH] Set session cookie only when not empty

---
 .../HttpKernel/EventListener/AbstractSessionListener.php     | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/Symfony/Component/HttpKernel/EventListener/AbstractSessionListener.php b/src/Symfony/Component/HttpKernel/EventListener/AbstractSessionListener.php
index 08b6faac0e7e9..6a2761ed1f5d8 100644
--- a/src/Symfony/Component/HttpKernel/EventListener/AbstractSessionListener.php
+++ b/src/Symfony/Component/HttpKernel/EventListener/AbstractSessionListener.php
@@ -151,7 +151,8 @@ public function onKernelResponse(ResponseEvent $event)
             $request = $event->getRequest();
             $requestSessionCookieId = $request->cookies->get($sessionName);
 
-            if ($requestSessionCookieId && $session->isEmpty()) {
+            $isSessionEmpty = $session->isEmpty();
+            if ($requestSessionCookieId && $isSessionEmpty) {
                 $response->headers->clearCookie(
                     $sessionName,
                     $sessionCookiePath,
@@ -160,7 +161,7 @@ public function onKernelResponse(ResponseEvent $event)
                     $sessionCookieHttpOnly,
                     $sessionCookieSameSite
                 );
-            } elseif ($sessionId !== $requestSessionCookieId) {
+            } elseif ($sessionId !== $requestSessionCookieId && !$isSessionEmpty) {
                 $expire = 0;
                 $lifetime = $this->sessionOptions['cookie_lifetime'] ?? null;
                 if ($lifetime) {