From ed08a59096f924a382f24e80dd65f81b738a1222 Mon Sep 17 00:00:00 2001
From: Henry Snoek <henry.snoek@schiphol.nl>
Date: Fri, 20 Apr 2018 10:45:24 +0200
Subject: [PATCH 1/3] deprecating getSession() call when no hasSession()

---
 components/http_foundation.rst | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/components/http_foundation.rst b/components/http_foundation.rst
index 97d910e4ae0..28318fd9e74 100644
--- a/components/http_foundation.rst
+++ b/components/http_foundation.rst
@@ -235,6 +235,13 @@ the
 method tells you if the request contains a session which was started in one of
 the previous requests.
 
+.. versionadded:: 4.1
+
+    Using :method:`Symfony\\Component\\HttpFoundation\\Request::getSession()` when no session
+    has been set, was deprecated in Symfony 4.1. It will throw an exception in
+    Symfony 5.0 when session is null.
+    Use :method:`Symfony\\Component\\HttpFoundation\\Request::hasSession()` instead.
+
 Accessing ``Accept-*`` Headers Data
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

From 82a875a8dc9f7355cb591da74af34618fde81086 Mon Sep 17 00:00:00 2001
From: Henry Snoek <henry.snoek@schiphol.nl>
Date: Fri, 20 Apr 2018 10:50:07 +0200
Subject: [PATCH 2/3] update code examples using getSession()

---
 security/form_login.rst         |  6 ++++--
 security/impersonating_user.rst | 14 +++++++++-----
 2 files changed, 13 insertions(+), 7 deletions(-)

diff --git a/security/form_login.rst b/security/form_login.rst
index da7f8559ed8..1246504056f 100644
--- a/security/form_login.rst
+++ b/security/form_login.rst
@@ -444,7 +444,9 @@ remove this variable, it's better to use the
     // ...
     use Symfony\Component\Security\Http\Util\TargetPathTrait;
 
-    $targetPath = $this->getTargetPath($request->getSession(), $providerKey);
+    $session = $request->hasSession() ? $request->getSession() : throw_no_session_exception();
+
+    $targetPath = $this->getTargetPath($session, $providerKey);
 
     // equivalent to:
-    // $targetPath = $request->getSession()->get('_security.'.$providerKey.'.target_path');
+    // $targetPath = $session->get('_security.'.$providerKey.'.target_path');
diff --git a/security/impersonating_user.rst b/security/impersonating_user.rst
index b4b70e8d9cd..6c1c6b99d36 100644
--- a/security/impersonating_user.rst
+++ b/security/impersonating_user.rst
@@ -209,11 +209,15 @@ you switch users, add an event subscriber on this event::
     {
         public function onSwitchUser(SwitchUserEvent $event)
         {
-            $event->getRequest()->getSession()->set(
-                '_locale',
-                // assuming your User has some getLocale() method
-                $event->getTargetUser()->getLocale()
-            );
+            $request = $event->getRequest();
+
+            if ($request->hasSession() && ($session = $request->getSession)) {
+                $session->set(
+                    '_locale',
+                    // assuming your User has some getLocale() method
+                    $event->getTargetUser()->getLocale()
+                );
+            }
         }
 
         public static function getSubscribedEvents()

From b312191bf335e964f1e7932bb6b26981db59ef22 Mon Sep 17 00:00:00 2001
From: Henry Snoek <henry.snoek@schiphol.nl>
Date: Fri, 20 Apr 2018 15:47:02 +0200
Subject: [PATCH 3/3] code review changes

---
 components/http_foundation.rst | 9 ++++-----
 security/form_login.rst        | 6 ++----
 2 files changed, 6 insertions(+), 9 deletions(-)

diff --git a/components/http_foundation.rst b/components/http_foundation.rst
index 28318fd9e74..d0d8963581b 100644
--- a/components/http_foundation.rst
+++ b/components/http_foundation.rst
@@ -236,11 +236,10 @@ method tells you if the request contains a session which was started in one of
 the previous requests.
 
 .. versionadded:: 4.1
-
-    Using :method:`Symfony\\Component\\HttpFoundation\\Request::getSession()` when no session
-    has been set, was deprecated in Symfony 4.1. It will throw an exception in
-    Symfony 5.0 when session is null.
-    Use :method:`Symfony\\Component\\HttpFoundation\\Request::hasSession()` instead.
+    Using :method:`Symfony\\Component\\HttpFoundation\\Request::getSession()`
+    when no session has been set was deprecated in Symfony 4.1. It will throw
+    an exception in Symfony 5.0 when the session is ``null``. Check for an existing session
+    first by calling :method:`Symfony\\Component\\HttpFoundation\\Request::hasSession()`.
 
 Accessing ``Accept-*`` Headers Data
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
diff --git a/security/form_login.rst b/security/form_login.rst
index 1246504056f..da7f8559ed8 100644
--- a/security/form_login.rst
+++ b/security/form_login.rst
@@ -444,9 +444,7 @@ remove this variable, it's better to use the
     // ...
     use Symfony\Component\Security\Http\Util\TargetPathTrait;
 
-    $session = $request->hasSession() ? $request->getSession() : throw_no_session_exception();
-
-    $targetPath = $this->getTargetPath($session, $providerKey);
+    $targetPath = $this->getTargetPath($request->getSession(), $providerKey);
 
     // equivalent to:
-    // $targetPath = $session->get('_security.'.$providerKey.'.target_path');
+    // $targetPath = $request->getSession()->get('_security.'.$providerKey.'.target_path');