symfony
diff --git a/‎src/Symfony/Bundle/FrameworkBundle/Resources/config/session.xml‎
Lines changed: 2 additions & 0 deletions b/‎src/Symfony/Bundle/FrameworkBundle/Resources/config/session.xml‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎src/Symfony/Component/HttpFoundation/Request.php‎
Lines changed: 12 additions & 2 deletions b/‎src/Symfony/Component/HttpFoundation/Request.php‎
Lines changed: 12 additions & 2 deletions
diff --git a/‎src/Symfony/Component/HttpKernel/EventListener/AbstractSessionListener.php‎
Lines changed: 60 additions & 1 deletion b/‎src/Symfony/Component/HttpKernel/EventListener/AbstractSessionListener.php‎
Lines changed: 60 additions & 1 deletion
diff --git a/‎src/Symfony/Component/HttpKernel/EventListener/SessionListener.php‎
Lines changed: 5 additions & 2 deletions b/‎src/Symfony/Component/HttpKernel/EventListener/SessionListener.php‎
Lines changed: 5 additions & 2 deletions
diff --git a/‎src/Symfony/Component/HttpKernel/Tests/EventListener/SessionListenerTest.php‎
Lines changed: 26 additions & 0 deletions b/‎src/Symfony/Component/HttpKernel/Tests/EventListener/SessionListenerTest.php‎
Lines changed: 26 additions & 0 deletions
@@ -70,6 +70,8 @@
                 <argument key="session" type="service" id="session" on-invalid="ignore" />
                 <argument key="initialized_session" type="service" id="session" on-invalid="ignore_uninitialized" />
             </argument>
+            <argument>%kernel.debug%</argument>
+            <argument>%session.storage.options%</argument>
         </service>
 
         <service id="session.save_listener" class="Symfony\Component\HttpKernel\EventListener\SaveSessionListener">
 
@@ -179,7 +179,7 @@ class Request
     protected $format;
 
     /**
-     * @var SessionInterface|callable
+     * @var SessionInterface|callable(): SessionInterface
      */
     protected $session;
 
@@ -418,7 +418,7 @@ public static function create($uri, $method = 'GET', $parameters = [], $cookies
      * to keep BC with an existing system. It should not be used for any
      * other purpose.
      *
-     * @param callable|null $callable A PHP callable
+     * @param callable():SessionInterface|null $callable A PHP callable
      */
     public static function setFactory($callable)
     {
@@ -720,6 +720,14 @@ public function getSession()
         $session = $this->session;
         if (!$session instanceof SessionInterface && null !== $session) {
             $this->setSession($session = $session());
+            /*
+             * For supporting sessions in php runtime with runners like roadrunner or swoole the session
+             * cookie need read from the cookie bag and set on the session storage.
+             */
+            if (!$session->isStarted()) {
+                $sessionId = $this->cookies->get($session->getName(), '');
+                $session->setId($sessionId);
+            }
         }
 
         if (null === $session) {
@@ -763,6 +771,8 @@ public function setSession(SessionInterface $session)
 
     /**
      * @internal
+     *
+     * @param callable(): SessionInterface $factory
      */
     public function setSessionFactory(callable $factory)
     {
 
@@ -13,8 +13,10 @@
 
 use Psr\Container\ContainerInterface;
 use Symfony\Component\EventDispatcher\EventSubscriberInterface;
+use Symfony\Component\HttpFoundation\Cookie;
 use Symfony\Component\HttpFoundation\Session\Session;
 use Symfony\Component\HttpFoundation\Session\SessionInterface;
+use Symfony\Component\HttpFoundation\Session\SessionUtils;
 use Symfony\Component\HttpKernel\Event\FilterResponseEvent;
 use Symfony\Component\HttpKernel\Event\FinishRequestEvent;
 use Symfony\Component\HttpKernel\Event\GetResponseEvent;
@@ -42,9 +44,18 @@ abstract class AbstractSessionListener implements EventSubscriberInterface
     protected $container;
     private $sessionUsageStack = [];
 
-    public function __construct(ContainerInterface $container = null)
+    /**
+     * @var array<string, mixed>
+     */
+    private $sessionOptions;
+
+    /**
+     * @param array<string, mixed> $sessionOptions
+     */
+    public function __construct(ContainerInterface $container = null, bool $debug = false, array $sessionOptions = [])
     {
         $this->container = $container;
+        $this->sessionOptions = $sessionOptions;
     }
 
     public function onKernelRequest(GetResponseEvent $event)
@@ -115,6 +126,54 @@ public function onKernelResponse(FilterResponseEvent $event)
              * it is saved will just restart it.
              */
             $session->save();
+
+            /*
+             * For supporting sessions in php runtime with runners like roadrunner or swoole the session
+             * cookie need to be written on the response object and should not be written by PHP itself.
+             */
+            $sessionName = $session->getName();
+            $sessionId = $session->getId();
+            $sessionCookiePath = $this->sessionOptions['cookie_path'] ?? '/';
+            $sessionCookieDomain = $this->sessionOptions['cookie_domain'] ?? null;
+            $sessionCookieSecure = $this->sessionOptions['cookie_secure'] ?? null;
+            $sessionCookieHttpOnly = $this->sessionOptions['cookie_httponly'] ?? true;
+            $sessionCookieSameSite = $this->sessionOptions['cookie_samesite'] ?? Cookie::SAMESITE_LAX;
+
+            SessionUtils::popSessionCookie($sessionName, $sessionCookiePath);
+
+            $request = $event->getRequest();
+            $requestSessionCoo
A340
kieId = $request->cookies->get($sessionName);
+
+            if ($requestSessionCookieId && $session->isEmpty()) {
+                $response->headers->clearCookie(
+                    $sessionName,
+                    $sessionCookiePath,
+                    $sessionCookieDomain,
+                    $sessionCookieSecure,
+                    $sessionCookieHttpOnly,
+                    $sessionCookieSameSite
+                );
+            } elseif ($sessionId !== $requestSessionCookieId) {
+                $expire = 0;
+                $lifetime = $this->sessionOptions['cookie_lifetime'] ?? null;
+                if ($lifetime) {
+                    $expire = time() + $lifetime;
+                }
+
+                $response->headers->setCookie(
+                    Cookie::create(
+                        $sessionName,
+                        $sessionId,
+                        $expire,
+                        $sessionCookiePath,
+                        $sessionCookieDomain,
+                        $sessionCookieSecure,
+                        $sessionCookieHttpOnly,
+                        false,
+                        $sessionCookieSameSite
+                    )
+                );
+            }
         }
     }
 
 
@@ -29,9 +29,12 @@
  */
 class SessionListener extends AbstractSessionListener
 {
-    public function __construct(ContainerInterface $container)
+    /**
+     * @param array<string, mixed> $sessionOptions
+     */
+    public function __construct(ContainerInterface $container, bool $debug = false, array $sessionOptions = [])
     {
-        $this->container = $container;
+        parent::__construct($container, $debug, $sessionOptions);
     }
 
     public function onKernelRequest(GetResponseEvent $event)
 
@@ -120,6 +120,32 @@ public function testResponseIsStillPublicIfSessionStartedAndHeaderPresent()
         $this->assertFalse($response->headers->has(AbstractSessionListener::NO_AUTO_CACHE_CONTROL_HEADER));
     }
 
+    public function testSessionSaveAndResponseHasSessionCookie()
+    {
+        $session = $this->getMockBuilder(Session::class)->disableOriginalConstructor()->getMock();
+        $session->expects($this->exactly(2))->method('getUsageIndex')->will($this->onConsecutiveCalls(0, 1));
+        $session->expects($this->exactly(1))->method('getId')->willReturn('123456');
+        $session->expects($this->exactly(1))->method('getName')->willReturn('PHPSESSID');
+        $session->expects($this->exactly(1))->method('save');
+        $session->expects($this->exactly(1))->method('isStarted')->willReturn(true);
+
+        $container = new Container();
+        $container->set('initialized_session', $session);
+
+        $listener = new SessionListener($container);
+        $kernel = $this->getMockBuilder(HttpKernelInterface::class)->disableOriginalConstructor()->getMock();
+
+        $request = new Request();
+        $listener->onKernelRequest(new RequestEvent($kernel, $request, HttpKernelInterface::MASTER_REQUEST));
+
+        $response = new Response();
+        $listener->onKernelResponse(new ResponseEvent($kernel, new Request(), HttpKernelInterface::MASTER_REQUEST, $response));
+
+        $cookies = $response->headers->getCookies();
+        $this->assertSame('PHPSESSID', $cookies[0]->getName());
+        $this->assertSame('123456', $cookies[0]->getValue());
+    }
+
     publ
43B6
ic function testUninitializedSession()
     {
         $kernel = $this->createMock(HttpKernelInterface::class);
Original file line number	Diff line number	Diff line change
`@@ -29,9 +29,12 @@`
`29`	`29`	`*/`
`30`	`30`	`class SessionListener extends AbstractSessionListener`
`31`	`31`	`{`
`32`		`- public function __construct(ContainerInterface $container)`
	`32`	`+ /**`
	`33`	`+ * @param array<string, mixed> $sessionOptions`
	`34`	`+ */`
	`35`	`+ public function __construct(ContainerInterface $container, bool $debug = false, array $sessionOptions = [])`
`33`	`36`	`{`
`34`		`- $this->container = $container;`
	`37`	`+ parent::__construct($container, $debug, $sessionOptions);`
`35`	`38`	`}`
`36`	`39`
`37`	`40`	`public function onKernelRequest(GetResponseEvent $event)`