I was a bit surprised that a Set-Cookie header is sent for every request once a session has been established.
It makes sense that the session id is regenerated each time the session is changed, but cookies are also sent for each response when the session has not been altered.
This patch adds an integration test to document the behaviour of session-cache when used with SessionMiddleware and a PSR cache item pool. I used Symfony cache in dev because laminas-adapter-memory does not support a static TTL and I wanted to avoid mocks.
Is it expected behaviour to send a Set-Cookie header for every request once a session has been established?
Ocramius
commented
2 years ago
Description
I was a bit surprised that a
Set-Cookieheader is sent for every request once a session has been established.It makes sense that the session id is regenerated each time the session is changed, but cookies are also sent for each response when the session has not been altered.
This patch adds an integration test to document the behaviour of session-cache when used with
SessionMiddlewareand a PSR cache item pool. I used Symfony cache in dev because laminas-adapter-memory does not support a static TTL and I wanted to avoid mocks.Is it expected behaviour to send a Set-Cookie header for every request once a session has been established?