From 42949da8c14e761a938ab2728ca16a3f5da570bd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rafa=C5=82=20Ca=C5=82ka?= <calka.rafal@gmail.com>
Date: Tue, 30 Jan 2024 23:20:22 +0100
Subject: [PATCH] fix: do not set vary cookie if something bypassed session

---
 src/Middleware/VaryCookieMiddleware.php | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/Middleware/VaryCookieMiddleware.php b/src/Middleware/VaryCookieMiddleware.php
index 9fca2f7..2ea2679 100644
--- a/src/Middleware/VaryCookieMiddleware.php
+++ b/src/Middleware/VaryCookieMiddleware.php
@@ -48,8 +48,12 @@ public function process(ServerRequestInterface $request, RequestHandlerInterface
         return $this->withVaryCookie($response, $session);
     }
 
-    private function withVaryCookie(Response $response, Session $session): Response
+    private function withVaryCookie(Response $response, ?Session $session): Response
     {
+        if (! $session) {
+            return $response;
+        }
+
         return FigResponseCookies::set(
             $response,
             $this->cookie->make(LSCache::VARY_COOKIE, $session->token(), $this->session['lifetime'] * 60)