Add session into Request's Attributes

[odan]

Usually the session object would be passed from the dependency injection container and not from the middleware, because the Middleware is not responsible for injecting objects. The DIC is responsible for this task. This middleware is responsible to start and save the session, the rest should be done by the DIC.

[roxblnfk]

I support your vision about DI  But $request->getAttribute method also allows you to check the session initialization without creating a SessionInterface instance if it was not created. Perhaps, I agree that this is an exotic case :)

[odan]

I see you have a very specific use case. If you still don't want to use the DIC then I would recommend this approach: Just add a custom middleware (after the SessionMiddleware) and set your custom session attribute there.

[roxblnfk]

Here you are right