merged branch frosas/start-session-on-generate-csrf-token (PR #4781)

Commits
-------

6d94f3e Ensure there is a session before getting the session id

Discussion
----------

[Form] Ensure there is a session before getting the session id

Solves "The CSRF token is invalid. Please try to resubmit the form" error when a form is generated before the session is started.

---------------------------------------------------------------------------

by fabpot at 2012-07-09T10:23:32Z

Adding a CSRF token only makes sense if you are on a page with a "user". If not (and if you don't use HTTP auth or whatever), then there is no need for a CSRF token.

---------------------------------------------------------------------------

by frosas at 2012-07-09T14:42:40Z

This PR doesn't change any logic on whether a CSRF token is added or not, it just fixes a bug when a token is requested.

src/Symfony/Component/Form/Extension/Csrf/CsrfProvider/SessionCsrfProvider.php

@@ -50,6 +50,8 @@ class SessionCsrfProvider extends DefaultCsrfProvider
      */
     protected function getSessionId()
     {
+        $this->session->start();
+
         return $this->session->getId();
     }
 }