I was a bit surprised that a Set-Cookie header is sent for every request once a session has been established.
It makes sense that the session id is regenerated each time the session is changed, but cookies are also sent for each response when the session has not been altered.
This patch adds an integration test to document the behaviour of session-cache when used with SessionMiddleware and a PSR cache item pool. I used Symfony cache in dev because laminas-adapter-memory does not support a static TTL and I wanted to avoid mocks.
Is it expected behaviour to send a Set-Cookie header for every request once a session has been established?
Description
I was a bit surprised that a
Set-Cookie
header is sent for every request once a session has been established.It makes sense that the session id is regenerated each time the session is changed, but cookies are also sent for each response when the session has not been altered.
This patch adds an integration test to document the behaviour of session-cache when used with
SessionMiddleware
and a PSR cache item pool. I used Symfony cache in dev because laminas-adapter-memory does not support a static TTL and I wanted to avoid mocks.Is it expected behaviour to send a Set-Cookie header for every request once a session has been established?