Generate a session id for new sessions with data

LICENSE.md

@@ -1,4 +1,4 @@
-Copyright (c) 2017, Zend Technologies USA, Inc.
+Copyright (c) 2017-2018, Zend Technologies USA, Inc.
 All rights reserved.
 
 Redistribution and use in source and binary forms, with or without modification,

src/PhpSessionPersistence.php

@@ -1,13 +1,12 @@
 <?php
 /**
  * @see       https://github.com/zendframework/zend-expressive-session-ext for the canonical source repository
- * @copyright Copyright (c) 2017 Zend Technologies USA Inc. (http://www.zend.com)
+ * @copyright Copyright (c) 2017-2018 Zend Technologies USA Inc. (http://www.zend.com)
  * @license   https://github.com/zendframework/zend-expressive-session-ext/blob/master/LICENSE.md New BSD License
  */
 
 namespace Zend\Expressive\Session\Ext;
 
-use Dflydev\FigCookies\FigCookies\Cookie;
 use Dflydev\FigCookies\FigRequestCookies;
 use Dflydev\FigCookies\FigResponseCookies;
 use Dflydev\FigCookies\SetCookie;
@@ -100,7 +99,10 @@ public function initializeSessionFromRequest(ServerRequestInterface $request) :
 
     public function persistSession(SessionInterface $session, ResponseInterface $response) : ResponseInterface
     {
-        if ($session->isRegenerated()) {
+        // Regenerate if the session is marked as regenerated
+        // Regenerate if there is no cookie id set but the session has changed (new session with data)
+        if ($session->isRegenerated()
+            || ($session->hasChanged() && ! $this->cookie)) {
             $this->regenerateSession();
         }
 

test/PhpSessionPersistenceTest.php

@@ -1,7 +1,7 @@
 <?php
 /**
  * @see       https://github.com/zendframework/zend-expressive-session-ext for the canonical source repository
- * @copyright Copyright (c) 2017 Zend Technologies USA Inc. (http://www.zend.com)
+ * @copyright Copyright (c) 2017-2018 Zend Technologies USA Inc. (http://www.zend.com)
  * @license   https://github.com/zendframework/zend-expressive-session-ext/blob/master/LICENSE.md New BSD License
  */
 
@@ -198,7 +198,7 @@ public function testPersistSessionIfSessionHasContents()
     {
         $this->startSession();
         $session = new Session(['foo' => 'bar']);
-        $this->persistence->persistSession($session, new Response);
+        $this->persistence->persistSession($session, new Response());
         $this->assertSame($session->toArray(), $_SESSION);
     }
 
@@ -422,4 +422,30 @@ public function testPersistSessionReturnsExpectedResponseWithoutAddedCacheHeader
 
         $this->restoreOriginalSessionIniSettings($ini);
     }
+
+    public function testCookiesNotSetWithoutRegenerate(): void
+    {
+        $persistence = new PhpSessionPersistence();
+        $request = new ServerRequest();
+        $session = $persistence->initializeSessionFromRequest($request);
+
+        $response = new Response();
+        $response = $persistence->persistSession($session, $response);
+
+        $this->assertEmpty($response->getHeaderLine('Set-Cookie'));
+    }
+
+    public function testCookiesSetWithoutRegenerate(): void
+    {
+        $persistence = new PhpSessionPersistence();
+        $request = new ServerRequest();
+        $session = $persistence->initializeSessionFromRequest($request);
+
+        $session->set('foo', 'bar');
+
+        $response = new Response();
+        $response = $persistence->persistSession($session, $response);
+
+        $this->assertNotEmpty($response->getHeaderLine('Set-Cookie'));
+    }
 }