From 2c0dc745d63bfe227db07d4bb74adc47d585d950 Mon Sep 17 00:00:00 2001
From: Nicolas Grekas
Date: Thu, 9 Nov 2017 11:49:37 +0100
Subject: [PATCH] [HttpFoundation] Prevent PHP from sending Last-Modified on session start
---
 .../Session/Storage/Handler/AbstractSessionHandler.php | 3 +++
 .../HttpFoundation/Session/Storage/NativeSessionStorage.php | 2 +-
 .../Tests/Session/Storage/Handler/Fixtures/common.inc | 3 +--
 .../Session/Storage/Handler/Fixtures/empty_destroys.expected | 2 +-
 .../Tests/Session/Storage/Handler/Fixtures/read_only.expected | 2 +-
 .../Tests/Session/Storage/Handler/Fixtures/regenerate.expected | 2 +-
 .../Tests/Session/Storage/Handler/Fixtures/storage.expected | 2 +-
 .../Session/Storage/Handler/Fixtures/with_cookie.expected | 2 +-
 .../Tests/Session/Storage/NativeSessionStorageTest.php | 2 +-
 9 files changed, 11 insertions(+), 9 deletions(-)
diff --git a/src/Symfony/Component/HttpFoundation/Session/Storage/Handler/AbstractSessionHandler.php b/src/Symfony/Component/HttpFoundation/Session/Storage/Handler/AbstractSessionHandler.php
index c20a23b20e5d9..ced5b48950a20 100644
--- a/src/Symfony/Component/HttpFoundation/Session/Storage/Handler/AbstractSessionHandler.php
+++ b/src/Symfony/Component/HttpFoundation/Session/Storage/Handler/AbstractSessionHandler.php
@@ -32,6 +32,9 @@ abstract class AbstractSessionHandler implements \SessionHandlerInterface, \Sess
 public function open($savePath, $sessionName)
 {
 $this->sessionName = $sessionName;
+ if (!headers_sent() && !ini_get('session.cache_limiter')) {
+ header(sprintf('Cache-Control: max-age=%d, private, must-revalidate', 60 * (int) ini_get('session.cache_expire')));
+ }
 return true;
 }
diff --git a/src/Symfony/Component/HttpFoundation/Session/Storage/NativeSessionStorage.php b/src/Symfony/Component/HttpFoundation/Session/Storage/NativeSessionStorage.php
index c034c59038624..0503258987a87 100644
--- a/src/Symfony/Component/HttpFoundation/Session/Storage/NativeSessionStorage.php
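Review bot: In AbstractSessionHandler::open(), the added `header()` call overwrites any `Cache-Control` the application already sent before the session was opened, and nothing in the hunk documents that side effect. The max-age is taken from `session.cache_expire`, which is 10800 seconds in most of the fixtures updated by this patch, so a handler used without NativeSessionStorage's `cache_expire => 0` default marks session-bound responses as cacheable by the browser for hours. I would put `// cache_limiter is off so PHP sends no Last-Modified; emit the private Cache-Control here instead` above the `if` and state in the method docblock that a stricter policy has to be sent after the session starts. The class body continues outside the hunk.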
+++ b/src/Symfony/Component/HttpFoundation/Session/Storage/NativeSessionStorage.php
@@ -107,7 +107,7 @@ public function __construct(array $options = array(), $handler = null, MetadataB
 }
 $options += array(
- 'cache_limiter' => 'private_no_expire',
+ 'cache_limiter' => '',
 'cache_expire' => 0,
 'use_cookies' => 1,
 'lazy_write' => 1,
diff --git a/src/Symfony/Component/HttpFoundation/Tests/Session/Storage/Handler/Fixtures/common.inc b/src/Symfony/Component/HttpFoundation/Tests/Session/Storage/Handler/Fixtures/common.inc
index 5c183acfff324..7a064c7f3f061 100644
--- a/src/Symfony/Component/HttpFoundation/Tests/Session/Storage/Handler/Fixtures/common.inc
+++ b/src/Symfony/Component/HttpFoundation/Tests/Session/Storage/Handler/Fixtures/common.inc
@@ -38,14 +38,13 @@ ini_set('session.use_strict_mode', 1);
 ini_set('session.lazy_write', 1);
 ini_set('session.name', 'sid');
 ini_set('session.save_path', __DIR__);
-ini_set('session.cache_limiter', 'private_no_expire');
+ini_set('session.cache_limiter', '');
 header_remove('X-Powered-By');
 header('Content-Type: text/plain; charset=utf-8');
 register_shutdown_function(function () {
 echo "\n";
- header_remove('Last-Modified');
 session_write_close();
 print_r(headers_list());
 echo "shutdown\n";
diff --git a/src/Symfony/Component/HttpFoundation/Tests/Session/Storage/Handler/Fixtures/empty_destroys.expected b/src/Symfony/Component/HttpFoundation/Tests/Session/Storage/Handler/Fixtures/empty_destroys.expected
index 1720bf0558386..8203714740752 100644
--- a/src/Symfony/Component/HttpFoundation/Tests/Session/Storage/Handler/Fixtures/empty_destroys.expected
+++ b/src/Symfony/Component/HttpFoundation/Tests/Session/Storage/Handler/Fixtures/empty_destroys.expected
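Review bot: In NativeSessionStorage::__construct(), the new `'cache_limiter' => ''` default means PHP itself no longer emits any cache headers, and the replacement `Cache-Control` in this patch is only sent from AbstractSessionHandler::open(). A handler that does not extend that class would therefore seem to start sessions with no cache directive at all, leaving responses that carry session data to whatever the application or an intermediary decides. The diffstat shows a single changed line in this file, so the reason for the new default is not recorded next to it; I would add a comment on the option such as `// empty: PHP must not send Last-Modified; AbstractSessionHandler::open() sends Cache-Control instead`. The constructor starts and ends outside the hunk.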
@@ -11,7 +11,7 @@ close
 Array
 (
 [0] => Content-Type: text/plain; charset=utf-8
- [1] => Cache-Control: private, max-age=10800
+ [1] => Cache-Control: max-age=10800, private, must-revalidate
 [2] => Set-Cookie: sid=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; secure; HttpOnly
 )
 shutdown
diff --git a/src/Symfony/Component/HttpFoundation/Tests/Session/Storage/Handler/Fixtures/read_only.expected b/src/Symfony/Component/HttpFoundation/Tests/Session/Storage/Handler/Fixtures/read_only.expected
index 307b6c322ef97..587adaf158b1d 100644
--- a/src/Symfony/Component/HttpFoundation/Tests/Session/Storage/Handler/Fixtures/read_only.expected
+++ b/src/Symfony/Component/HttpFoundation/Tests/Session/Storage/Handler/Fixtures/read_only.expected
@@ -9,6 +9,6 @@ close
 Array
 (
 [0] => Content-Type: text/plain; charset=utf-8
- [1] => Cache-Control: private, max-age=10800
+ [1] => Cache-Control: max-age=10800, private, must-revalidate
 )
 shutdown
diff --git a/src/Symfony/Component/HttpFoundation/Tests/Session/Storage/Handler/Fixtures/regenerate.expected b/src/Symfony/Component/HttpFoundation/Tests/Session/Storage/Handler/Fixtures/regenerate.expected
index 33f3892e2ab37..baa5f2f6f5cb0 100644
--- a/src/Symfony/Component/HttpFoundation/Tests/Session/Storage/Handler/Fixtures/regenerate.expected
+++ b/src/Symfony/Component/HttpFoundation/Tests/Session/Storage/Handler/Fixtures/regenerate.expected
@@ -18,7 +18,7 @@ close
 Array
 (
 [0] => Content-Type: text/plain; charset=utf-8
- [1] => Cache-Control: private, max-age=10800
+ [1] => Cache-Control: max-age=10800, private, must-revalidate
 [2] => Set-Cookie: sid=random_session_id; path=/; secure; HttpOnly
 )
 shutdown
diff --git a/src/Symfony/Component/HttpFoundation/Tests/Session/Storage/Handler/Fixtures/storage.expected b/src/Symfony/Component/HttpFoundation/Tests/Session/Storage/Handler/Fixtures/storage.expected
index 3bc9beeb758f1..4533a10a1f7cf 100644
--- a/src/Symfony/Component/HttpFoundation/Tests/Session/Storage/Handler/Fixtures/storage.expected
+++ b/src/Symfony/Component/HttpFoundation/Tests/Session/Storage/Handler/Fixtures/storage.expected
@@ -15,6 +15,6 @@ $_SESSION is not empty
 Array
 (
 [0] => Content-Type: text/plain; charset=utf-8
- [1] => Cache-Control: private, max-age=0
+ [1] => Cache-Control: max-age=0, private, must-revalidate
 )
 shutdown
diff --git a/src/Symfony/Component/HttpFoundation/Tests/Session/Storage/Handler/Fixtures/with_cookie.expected b/src/Symfony/Component/HttpFoundation/Tests/Session/Storage/Handler/Fixtures/with_cookie.expected
index 47ae4da82449d..33da0a5be6e05 100644
--- a/src/Symfony/Component/HttpFoundation/Tests/Session/Storage/Handler/Fixtures/with_cookie.expected
+++ b/src/Symfony/Component/HttpFoundation/Tests/Session/Storage/Handler/Fixtures/with_cookie.expected
@@ -9,7 +9,7 @@ close
 Array
 (
 [0] => Content-Type: text/plain; charset=utf-8
- [1] => Cache-Control: private, max-age=10800
+ [1] => Cache-Control: max-age=10800, private, must-revalidate
 [2] => Set-Cookie: abc=def
 )
 shutdown
diff --git a/src/Symfony/Component/HttpFoundation/Tests/Session/Storage/NativeSessionStorageTest.php b/src/Symfony/Component/HttpFoundation/Tests/Session/Storage/NativeSessionStorageTest.php
index 8864bb7069e3e..ec094a6169e3a 100644
--- a/src/Symfony/Component/HttpFoundation/Tests/Session/Storage/NativeSessionStorageTest.php
+++ b/src/Symfony/Component/HttpFoundation/Tests/Session/Storage/NativeSessionStorageTest.php
@@ -150,7 +150,7 @@ public function testDefaultSessionCacheLimiter()
 $this->iniSet('session.cache_limiter', 'nocache');
 $storage = new NativeSessionStorage();
- $this->assertEquals('private_no_expire', ini_get('session.cache_limiter'));
+ $this->assertEquals('', ini_get('session.cache_limiter'));
 }
 public function testExplicitSessionCacheLimiter()
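Review bot: In testDefaultSessionCacheLimiter(), `assertEquals('', ini_get('session.cache_limiter'))` compares loosely, so it would also pass if `ini_get()` returned `false` or `null` instead of the empty-string default. `$this->assertSame('', ini_get('session.cache_limiter'));` pins the value the constructor is meant to set. The method's opening brace is outside the hunk.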