Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
bug #36118 [Security/Http] don't require the session to be started wh…
…en tracking its id (nicolas-grekas) This PR was merged into the 4.4 branch. Discussion ---------- [Security/Http] don't require the session to be started when tracking its id | Q | A | ------------- | --- | Branch? | 4.4 | Bug fix? | yes | New feature? | no | Deprecations? | no | Tickets | - | License | MIT | Doc PR | - `$session->getId()` returns the empty string when the session is not yet started. When this happens, the session tracking logic wrongly detects that a new session was created and thus disables HTTP caching. This fixes the issue by looking at the value of the session cookie instead. (the case for `true` is when using `MockArraySessionStorage` as done in tests) Commits ------- c39188a [Security/Http] don't require the session to be started when tracking its id
- Loading branch information