Description
| Q | A |
|---|---|
| Bug report? | yes |
| Feature request? | no |
| BC Break report? | no |
| RFC? | no |
| Symfony version | * |
In any environment where the profiler is enabled, I noticed Cache-control headers were not working correctly. This seems due to this bit of code, marking all requests in sessions as private with a max-age of 0 https://github.com/symfony/symfony/blob/master/src/Symfony/Component/HttpKernel/EventListener/SaveSessionListener.php#L54 .
I wasn't aware my requests were actually using sessions, and on debugging with help in Slack, it looks like it's started by this RequestDataCollector as it doesn't check whether the session is started or not before inspecting it. Inspecting it starts the session, and overrides my cache headers.
The fix seems to be adding
if (!$event->getRequest()->getSession()->isStarted()) {
return;
}
* I'm not sure exactly which symfony versions this affects, but it could have been introduced here: 95d0b72#diff-e8f5b14fbfbbeac60fc9f3abe310c3b0 . Does this commit need reverting or changing, or am I misunderstanding something?