From 1f108b2891ee3bd4a2cc08615e7d3517b8b26479 Mon Sep 17 00:00:00 2001
From: Roland Franssen <franssen.roland@gmail.com>
Date: Wed, 13 Sep 2017 20:03:03 +0200
Subject: [PATCH] [HttpKernel] Dont store response cookies with HttpCache

---
 .../Component/HttpKernel/HttpCache/Store.php       |  2 +-
 .../HttpKernel/Tests/HttpCache/StoreTest.php       | 14 ++++++++++++++
 2 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/src/Symfony/Component/HttpKernel/HttpCache/Store.php b/src/Symfony/Component/HttpKernel/HttpCache/Store.php
index c4d961e68f043..070a767703ece 100644
--- a/src/Symfony/Component/HttpKernel/HttpCache/Store.php
+++ b/src/Symfony/Component/HttpKernel/HttpCache/Store.php
@@ -216,7 +216,7 @@ public function write(Request $request, Response $response)
         }
 
         $headers = $this->persistResponse($response);
-        unset($headers['age']);
+        unset($headers['age'], $headers['set-cookie']);
 
         array_unshift($entries, array($storedEnv, $headers));
 
diff --git a/src/Symfony/Component/HttpKernel/Tests/HttpCache/StoreTest.php b/src/Symfony/Component/HttpKernel/Tests/HttpCache/StoreTest.php
index cef019167a4ef..d9ae17695e58c 100644
--- a/src/Symfony/Component/HttpKernel/Tests/HttpCache/StoreTest.php
+++ b/src/Symfony/Component/HttpKernel/Tests/HttpCache/StoreTest.php
@@ -12,6 +12,7 @@
 namespace Symfony\Component\HttpKernel\Tests\HttpCache;
 
 use PHPUnit\Framework\TestCase;
+use Symfony\Component\HttpFoundation\Cookie;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\HttpKernel\HttpCache\Store;
@@ -263,6 +264,19 @@ public function testPurgeHttpAndHttps()
         $this->assertEmpty($this->getStoreMetadata($requestHttps));
     }
 
+    public function testNoResponseCookiesAreStored()
+    {
+        $request = Request::create('/foo');
+        $response = new Response('foo');
+        $response->headers->set('set-cookie', 'foo=bar');
+        $response->headers->setCookie(new Cookie('bar', 'foo'));
+        $this->store->write($request, $response);
+
+        $newResponse = $this->store->lookup($request);
+        $this->assertEmpty($newResponse->headers->getCookies());
+        $this->assertNull($newResponse->headers->get('set-cookie'));
+    }
+
     protected function storeSimpleEntry($path = null, $headers = array())
     {
         if (null === $path) {