From c44ce56912afe007706fd343f13e53afc67ae3d5 Mon Sep 17 00:00:00 2001
From: Thomas Landauer <thomas@landauer.at>
Date: Mon, 31 Aug 2015 00:40:54 +0200
Subject: [PATCH] Info about CSRF protection

This should be explained *somewhere* (took me a while to figure it out). If this is not the right place (or format), please go ahead and correct it!
---
 components/http_foundation/sessions.rst | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/components/http_foundation/sessions.rst b/components/http_foundation/sessions.rst
index 0034963f331..a9d449d0a2a 100644
--- a/components/http_foundation/sessions.rst
+++ b/components/http_foundation/sessions.rst
@@ -18,6 +18,10 @@ implementation of :class:`Symfony\\Component\\HttpFoundation\\Session\\SessionIn
     class. If you have a legacy session system that starts your session, see
     :doc:`Legacy Sessions </components/http_foundation/session_php_bridge>`.
 
+.. caution::
+
+    The Session is started automatically as soon as a form using :doc:`CSRF protection </book/forms.html#csrf-protection>` is rendered.
+
 Quick example::
 
     use Symfony\Component\HttpFoundation\Session\Session;