also clean away the NO_AUTO_CACHE_CONTROL_HEADER if we have no session

dbu · dbu · commit 28d9f0c84c12 · 2018-10-23T16:30:58.000+02:00
diff --git a/src/Symfony/Component/HttpKernel/EventListener/AbstractSessionListener.php b/src/Symfony/Component/HttpKernel/EventListener/AbstractSessionListener.php
@@ -71,24 +71,24 @@ public function onKernelResponse(FilterResponseEvent $event)
             return;
         }
 
+        $response = $event->getResponse();
+        $autoCacheControl = !$response->headers->has(self::NO_AUTO_CACHE_CONTROL_HEADER);
+        // Always remove the internal header if present
+        $response->headers->remove(self::NO_AUTO_CACHE_CONTROL_HEADER);
+
         if (!$session = $this->container && $this->container->has('initialized_session') ? $this->container->get('initialized_session') : $event->getRequest()->getSession()) {
             return;
         }
 
-        $response = $event->getResponse();
-
         if ($session instanceof Session ? $session->getUsageIndex() !== end($this->sessionUsageStack) : $session->isStarted()) {
-            if (!$response->headers->has(self::NO_AUTO_CACHE_CONTROL_HEADER)) {
+            if ($autoCacheControl) {
                 $response
                     ->setPrivate()
                     ->setMaxAge(0)
                     ->headers->addCacheControlDirective('must-revalidate');
             }
         }
 
-        // Always remove the internal header if present
-        $response->headers->remove(self::NO_AUTO_CACHE_CONTROL_HEADER);
-
         if ($session->isStarted()) {
             /*
              * Saves the session, in case it is still open, before sending the response/headers.
diff --git a/src/Symfony/Component/HttpKernel/Tests/EventListener/SessionListenerTest.php b/src/Symfony/Component/HttpKernel/Tests/EventListener/SessionListenerTest.php
@@ -106,17 +106,24 @@ public function testResponseIsStillPublicIfSessionStartedAndHeaderPresent()
         $this->assertFalse($response->headers->has(AbstractSessionListener::NO_AUTO_CACHE_CONTROL_HEADER));
     }
 
-    public function testUninitilizedSession()
+    public function testUninitializedSession()
     {
-        $event = $this->getMockBuilder(FilterResponseEvent::class)->disableOriginalConstructor()->getMock();
-        $event->expects($this->once())->method('isMasterRequest')->willReturn(true);
+        $kernel = $this->getMockBuilder(HttpKernelInterface::class)->disableOriginalConstructor()->getMock();
+        $response = new Response();
+        $response->setSharedMaxAge(60);
+        $response->headers->set(AbstractSessionListener::NO_AUTO_CACHE_CONTROL_HEADER, 'true');
 
         $container = new ServiceLocator(array(
             'initialized_session' => function () {},
         ));
 
         $listener = new SessionListener($container);
-        $listener->onKernelResponse($event);
+        $listener->onKernelResponse(new FilterResponseEvent($kernel, new Request(), HttpKernelInterface::MASTER_REQUEST, $response));
+        $this->assertTrue($response->headers->hasCacheControlDirective('public'));
+        $this->assertFalse($response->headers->hasCacheControlDirective('private'));
+        $this->assertFalse($response->headers->hasCacheControlDirective('must-revalidate'));
+        $this->assertSame('60', $response->headers->getCacheControlDirective('s-maxage'));
+        $this->assertFalse($response->headers->has(AbstractSessionListener::NO_AUTO_CACHE_CONTROL_HEADER));
     }
 
     public function testSurrogateMasterRequestIsPublic()
