disable session if not explicitely enabled

src/Symfony/Bundle/FrameworkBundle/DependencyInjection/FrameworkExtension.php

@@ -116,7 +116,9 @@ class FrameworkExtension extends Extension
             $this->registerParamConverterConfiguration($config, $container);
         }
 
-        $this->registerSessionConfiguration($config, $container);
+        if (array_key_exists('session', $config)) {
+            $this->registerSessionConfiguration($config, $container);
+        }
 
         if (array_key_exists('translator', $config)) {
             $this->registerTranslatorConfiguration($config, $container);

src/Symfony/Bundle/FrameworkBundle/FrameworkBundle.php

@@ -48,17 +48,18 @@ class FrameworkBundle extends Bundle
             FormConfiguration::enableDefaultCsrfProtection();
         }
 
-        $container = $this->container;
-
         // the session ID should always be included in the CSRF token, even
         // if default CSRF protection is not enabled
-        FormConfiguration::addDefaultCsrfSecret(function () use ($container) {
-            // automatically starts the session when the CSRF token is
-            // generated
-            $container->get('session')->start();
+        if ($this->container->has('session')) {
+            $container = $this->container;
+            FormConfiguration::addDefaultCsrfSecret(function () use ($container) {
+                // automatically starts the session when the CSRF token is
+                // generated
+                $container->get('session')->start();
 
-            return $container->get('session')->getId();
-        });
+                return $container->get('session')->getId();
+            });
+        }
     }
 
     public function registerExtensions(ContainerBuilder $container)

src/Symfony/Bundle/FrameworkBundle/RequestListener.php

@@ -64,7 +64,7 @@ class RequestListener
         }
 
         // inject the session object if none is present
-        if (null === $request->getSession()) {
+        if (null === $request->getSession() && $this->container->has('session')) {
             $request->setSession($this->container->get('session'));
         }