From 296be33dd1ed9310274867c0fcd36b6dfec70341 Mon Sep 17 00:00:00 2001
From: Thomas Landauer <thomas@landauer.at>
Date: Tue, 12 Jul 2022 17:04:48 +0200
Subject: [PATCH] Adding CSRF token

---
 session.rst | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/session.rst b/session.rst
index 57072dbdb37..399a3fab44a 100644
--- a/session.rst
+++ b/session.rst
@@ -239,6 +239,8 @@ Sessions are automatically started whenever you read, write or even check for
 the existence of data in the session. This may hurt your application performance
 because all users will receive a session cookie. In order to prevent that, you
 must *completely* avoid accessing the session.
+By default, every Symfony form starts a session to store a CSRF token. To disable
+this, see :doc:`CSRF Protection </security/csrf>`.
 
 More about Sessions
 -------------------