symfony
diff --git a/‎src/Symfony/Component/HttpFoundation/Session/Storage/NativeSessionStorage.php
Lines changed: 2 additions & 2 deletions b/‎src/Symfony/Component/HttpFoundation/Session/Storage/NativeSessionStorage.php
Lines changed: 2 additions & 2 deletions
diff --git a/‎src/Symfony/Component/HttpFoundation/Tests/Session/Storage/Handler/Fixtures/storage.expected
Lines changed: 0 additions & 1 deletion b/‎src/Symfony/Component/HttpFoundation/Tests/Session/Storage/Handler/Fixtures/storage.expected
Lines changed: 0 additions & 1 deletion
diff --git a/‎src/Symfony/Component/HttpFoundation/Tests/Session/Storage/NativeSessionStorageTest.php
Lines changed: 1 addition & 1 deletion b/‎src/Symfony/Component/HttpFoundation/Tests/Session/Storage/NativeSessionStorageTest.php
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/Symfony/Component/HttpKernel/EventListener/SaveSessionListener.php
Lines changed: 2 additions & 0 deletions b/‎src/Symfony/Component/HttpKernel/EventListener/SaveSessionListener.php
Lines changed: 2 additions & 0 deletions
diff --git a/‎src/Symfony/Component/HttpKernel/Tests/EventListener/SaveSessionListenerTest.php
Lines changed: 51 additions & 0 deletions b/‎src/Symfony/Component/HttpKernel/Tests/EventListener/SaveSessionListenerTest.php
Lines changed: 51 additions & 0 deletions
@@ -60,7 +60,7 @@ class NativeSessionStorage implements SessionStorageInterface
      * ("auto_start", is not supported as it tells PHP to start a session before
      * PHP starts to execute user-land code. Setting during runtime has no effect).
      *
-     * cache_limiter, "" (use "0" to prevent headers from being sent entirely).
+     * cache_limiter, "0"
      * cache_expire, "0"
      * cookie_domain, ""
      * cookie_httponly, ""
@@ -101,7 +101,7 @@ class NativeSessionStorage implements SessionStorageInterface
     public function __construct(array $options = array(), $handler = null, MetadataBag $metaBag = null)
     {
         $options += array(
-            'cache_limiter' => '',
+            'cache_limiter' => 0,
             'cache_expire' => 0,
             'use_cookies' => 1,
             'lazy_write' => 1,
 
@@ -15,6 +15,5 @@ $_SESSION is not empty
 Array
 (
     [0] => Content-Type: text/plain; charset=utf-8
-    [1] => Cache-Control: max-age=0, private, must-revalidate
 )
 shutdown
@@ -150,7 +150,7 @@ public function testDefaultSessionCacheLimiter()
         $this->iniSet('session.cache_limiter', 'nocache');
 
         $storage = new NativeSessionStorage();
-        $this->assertEquals('', ini_get('session.cache_limiter'));
+        $this->assertEquals('0', ini_get('session.cache_limiter'));
     }
 
     public function testExplicitSessionCacheLimiter()
 
@@ -53,6 +53,8 @@ public function onKernelResponse(FilterResponseEvent $event)
         $session = $event->getRequest()->getSession();
         if ($session && $session->isStarted()) {
             $session->save();
+
+            $event->getResponse()->setPrivate();
         }
     }
 
 
@@ -0,0 +1,51 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\HttpKernel\Tests\EventListener;
+
+use PHPUnit\Framework\TestCase;
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpFoundation\Response;
+use Symfony\Component\HttpFoundation\Session\SessionInterface;
+use Symfony\Component\HttpKernel\Event\FilterResponseEvent;
+use Symfony\Component\HttpKernel\EventListener\SaveSessionListener;
+use Symfony\Component\HttpKernel\HttpKernelInterface;
+
+class SaveSessionListenerTest extends TestCase
+{
+    public function testOnlyTriggeredOnMasterRequest()
+    {
+        $listener = new SaveSessionListener();
+        $event =$this->getMockBuilder(FilterResponseEvent::class)->getMock();
+        $event->expects($this->once())->method('isMasterRequest')->willReturn(false);
+        $event->expects($this->never())->method('getRequest');
+
+        // sub request
+        $listener->onKernelResponse($event);
+    }
+
+    public function testSessionSavedAndResponsePrivate()
+    {
+        $listener = new SaveSessionListener();
+        $kernel = $this->getMockBuilder(HttpKernelInterface::class)->getMock();
+
+        $session =$this->getMockBuilder(SessionInterface::class)->getMock();
+        $session->expects($this->once())->method('isStarted')->willReturn(true);
+        $session->expects($this->once())->method('save');
+
+        $request = new Request();
+        $request->setSession($session);
+        $response = new Response();
+        $listener->onKernelResponse(new FilterResponseEvent($kernel, $request, HttpKernelInterface::MASTER_REQUEST, $response));
+
+        $this->assertTrue($response->headers->hasCacheControlDirective('private'));
+    }
+}
Original file line number	Diff line number	Diff line change
`@@ -15,6 +15,5 @@ $_SESSION is not empty`
`15`	`15`	`Array`
`16`	`16`	`(`
`17`	`17`	`[0] => Content-Type: text/plain; charset=utf-8`
`18`		`- [1] => Cache-Control: max-age=0, private, must-revalidate`
`19`	`18`	`)`
`20`	`19`	`shutdown`
Original file line number	Diff line number	Diff line change
`@@ -150,7 +150,7 @@ public function testDefaultSessionCacheLimiter()`
`150`	`150`	`$this->iniSet('session.cache_limiter', 'nocache');`
`151`	`151`
`152`	`152`	`$storage = new NativeSessionStorage();`
`153`		`- $this->assertEquals('', ini_get('session.cache_limiter'));`
	`153`	`+ $this->assertEquals('0', ini_get('session.cache_limiter'));`
`154`	`154`	`}`
`155`	`155`
`156`	`156`	`public function testExplicitSessionCacheLimiter()`
Original file line number	Diff line number	Diff line change
`@@ -53,6 +53,8 @@ public function onKernelResponse(FilterResponseEvent $event)`
`53`	`53`	`$session = $event->getRequest()->getSession();`
`54`	`54`	`if ($session && $session->isStarted()) {`
`55`	`55`	`$session->save();`
	`56`	`+`
	`57`	`+ $event->getResponse()->setPrivate();`
`56`	`58`	`}`
`57`	`59`	`}`
`58`	`60`