Document how to set session.cache_limiter

[goetas]

The current session implementation sends some "Cache" headers really similar to http://php.net/manual/en/function.session-cache-limiter.php

This behavior can be configured by setting some properties into the parameter, session.storage.options

As example:

# config/packages/framework.yaml
parameters:
    session.storage.options:
        cache_limiter: 0

If cache_limiter is 0 symfony will not set any particular header header and will fallback on what specified by http://php.net/manual/en/session.configuration.php#ini.session.cache-limiter

cache_limiter can also be set to one of the nocache, private, private_no_expire, or public vales

Related to symfony/symfony#24988 (comment)

As suggested here symfony/symfony#24988 (comment) should be documented that changing this value should be done carefully.

[goetas]

@nicolas-grekas checking here
https://github.com/symfony/symfony/blob/7bab5b265614de241913db27cb6654cca91f477d/src/Symfony/Component/HttpFoundation/Session/Storage/Handler/AbstractSessionHandler.php#L36

Symfony is using the php's header function... I expect from symfony to use always a Response object as set all the headers there.. having this exception for the session was not trivial to discover...
Can't this be done using some response listener?

In my case I also had @Cache(maxage=999)... and this was generating two Cache-Control headers...

[nicolas-grekas]

Symfony is using the php's header function... I expect from symfony to use always a Response object

session are an old part of the framework, this would be great, but needs a lot of work AFAIK.

was generating two Cache-Control headers

yes, that's a bit unfortunate, but is OK from semantic+http pov, so not that a big deal IMHO