Fix EZP-28612: Session is always started for anonymous user

[emodric]

Question	Answer
Tickets	https://jira.ez.no/browse/EZP-28612
Bug fix?	yes
New feature?	no
BC breaks?	no
Tests pass?	yes
Doc needed?	no
License	GPL-2.0

This refactors a bit FlashBagNotificationHandler in order not to start the session for anonymous user, by calling the getFlashBag only when neeeded, since it is responsible for starting the session.

Checklist:

• Coding standards ($ composer fix-cs)
• Ready for Code Review

[andrerom]

@Nattfarinn Guess you forgot to mention on slack you where going to look at it? Ref #240

[emodric]

@andrerom @Nattfarinn Damn :)

[alongosz]

+1, thanks @emodric 🎉
This solves also the bug uncovered by REST functional tests // cc @andrerom

[andrerom]

👍

[emodric]

Nice! :)

What about template change in #240 about using {% if app.request.hasPreviousSession %} ? Is that needed?

EDIT: It should work without it, app.flashes will not start the session: https://symfony.com/blog/new-in-symfony-3-3-improved-flash-messages

[Nattfarinn]

@emodric Even if it would start, it's not required. This "if" is a good practice to avoid anonymous session starts, but in this case it's used inside Admin panel so you do have session anyway. :)

[emodric]

@Nattfarinn Well, not always. That layout template is also used as a layout for the login page, so just by displaying a login page, session would start if we were on lower versions of Symfony :)

EDIT: On the other hand, rendering the CSRF token in the login page does require the session, so it really doesn't matter after all :D