NativeSessionStorage::regenerate bug #7380

Closed
@mtal

Description

`Symfony\Component\HttpFoundation\Session\Storage\NativeSessionStorage::regenerate` calls `session_regenerate_id`. `session_regenerate_id` does not create and lock the new session file until the script terminates.

It's a bug in PHP (https://bugs.php.net/bug.php?id=61470&edit=1) that persists in PHP 5.3 and 5.4, so using `session_regenerate_id` is undesirable.

For example, I authenticate the user in a controller, so I call `$this->sessionStrategy->onAuthentication($this->container->get('request'), $token);`, which calls `session_regenerate_id`. But if I am using swiftmailer with the memory spool and redirect the user after authentication in the controller like this:

```php
// ...
$mailer->send($message);
// ...
$token = $this->createToken('main', $user);
$this->get('security.authentication.session_strategy')->onAuthentication($this->getRequest(), $token);
return $this->redirect($this->generateUrl('account'));
```

Session data is empty if the browser opens the new location before the script terminates, so the user is not authenticated. But after waiting some time and refreshing the page, the user becomes authenticated.
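One way to close the window described in this issue, shown as an added example that is not code from the issue or from Symfony: rotate the ID, then write and reopen the session immediately so the data exists under the new ID before the redirect is followed. `regenerateAndPersist` is a hypothetical helper name, and the default `files` save handler is assumed.

```php
<?php
/**
 * Hypothetical helper (not Symfony's code): rotate the session ID and persist
 * the session data under the new ID right away, instead of waiting for the
 * implicit write at script shutdown. Assumes the default "files" save handler.
 */
function regenerateAndPersist($destroyOld = true)
{
    if (session_id() === '') {
        throw new RuntimeException('No active session to regenerate.');
    }
    $oldId = session_id();

    // Rotating the ID on login is the session-fixation defence; keep it.
    if (!session_regenerate_id($destroyOld)) {
        throw new RuntimeException('session_regenerate_id() failed.');
    }
    $newId = session_id();
    if ($newId === $oldId) {
        throw new RuntimeException('Session ID was not rotated.');
    }

    // Flush the data to storage under the new ID and release the lock now,
    // so a follow-up request carrying the new cookie finds the data.
    $backup = $_SESSION;
    session_write_close();

    // Reopen the same ID so the rest of the request can keep using $_SESSION.
    session_start();
    $_SESSION = $backup;

    return $newId;
}

// Constructed CLI check: the session file exists before the script ends.
if (PHP_SAPI === 'cli' && isset($argv[0]) && realpath($argv[0]) === __FILE__) {
    session_save_path(sys_get_temp_dir());
    session_start();
    $_SESSION['user'] = 'constructed-sample-user';
    $id = regenerateAndPersist();
    $file = sys_get_temp_dir() . '/sess_' . $id;
    echo is_file($file) && filesize($file) > 0
        ? "persisted before script end\n"
        : "not yet persisted\n";
}
```

Work that runs after the response has been sent, such as flushing the memory spool, still delays the final session write, but the authenticated data is already stored under the new ID by then.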
