I am running a Symfony 2.8 based webpage which is separated into a public and a private part (login required).
Due to the "new" GDPR regulation in Europe I have checked which cookies my page actually use. Since I do not use any analytics or tracking tools are related stuff, the public part of the web page does actually need any cookies. However, when inspecting the page with Firefox Webmaster Tools I see that the PHPSESSID Cookie is set when visiting the public pages.
My code of the public pages does not actively uses the session (at least not that I am aware of). Sure the session needs to be queried to check if the user is logged in, is this enough to create a session if it does not exists? I suspect that some third party code/bundle might query the session and thus set the cookie.
Is there a way to find out where and why the cookie is set by symfony?
