Last Updated: February 25, 2016
· khaitu

Symfony2 API Cookie Removal

The Symfony2 framework doesn't allow simple disabling of the PHPSESSID cookie as this is hardcoded into the framework itself, and overrides any PHP config you may have either in the php.ini file or an .htaccess file.

In order to remove the cookie, it is necessary to override the default session storage handler.


namespace Insead\MIMBundle\Service\Session;

use Symfony\Component\DependencyInjection\ContainerInterface;
use Symfony\Component\HttpFoundation\Session\Storage\NativeSessionStorage;

class Storage extends NativeSessionStorage
    public function __construct(array $options = array(), $handler = null, MetadataBag $metaBag = null)
        session_cache_limiter(''); // disable by default because it's managed by HeaderBag (if used)
        ini_set('session.use_cookies', 0);

        if (PHP_VERSION_ID >= 50400) {
        } else {