瀏覽代碼

[Form] throw an exception if session_id() is empty when a csrf token is generated

Jordi Boggiano 14 年之前
a198bbcf43
共有 2 個文件被更改,包括 10 次插入1 次删除
  1. 5 1
      src/Symfony/Component/Form/Form.php
  2. 5 0
      tests/Symfony/Tests/Component/Form/FormTest.php

+ 5 - 1
src/Symfony/Component/Form/Form.php

@@ -176,7 +176,11 @@ class Form extends FieldGroup
      */
     protected function generateCsrfToken($secret)
     {
-        return md5($secret.session_id().get_class($this));
+        $sessId = session_id();
+        if (!$sessId) {
+            throw new \LogicException('The session must be started in order to generate a proper CSRF Token');
+        }
+        return md5($secret.$sessId.get_class($this));
     }
 
     /**
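Review bot: The new guard at `if (!$sessId)` tests truthiness rather than the documented "no session" value, so a session id of `'0'` would be rejected as missing while the intent is only to catch the empty string session_id() returns when no session is active; `if ($sessId === '') {` states the contract exactly. The method now throws, but the docblock ending at `*/` above the signature is not updated — add `@throws \LogicException if no session has been started` so callers know to catch or avoid it. The rest of that docblock lies outside the hunk, so I cannot see whether it already mentions this.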

+ 5 - 0
tests/Symfony/Tests/Component/Form/FormTest.php

@@ -47,6 +47,11 @@ class FormTest extends \PHPUnit_Framework_TestCase
     protected $validator;
     protected $form;
 
+    public static function setUpBeforeClass()
+    {
+        @session_start();
+    }
+
     protected function setUp()
     {
         Form::disableDefaultCsrfProtection();
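Review bot: `@session_start();` in the new setUpBeforeClass() silences every failure mode (headers already sent, a session already active, an unwritable save path), so a test environment where no session actually starts would surface only as the new LogicException deep inside generateCsrfToken rather than at the setup step that caused it. Checking the state explicitly keeps the intent and drops the suppression: `if (session_id() === '') {` / `    session_start();` / `}`. If a started session is still a prerequisite after that, an assertion on `session_id() !== ''` here would fail fast with a clearer message than the one raised from the Form.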