From 3f9f3c1fe3230d627230391194029f052eda2d08 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=A9r=C3=A9my=20Deruss=C3=A9?= <jeremy@derusse.com>
Date: Thu, 20 May 2021 10:12:11 +0200
Subject: [PATCH] Remove deprecate session service

---
 .../Bundle/FrameworkBundle/CHANGELOG.md       |   4 +
 .../Controller/AbstractController.php         |   2 -
 .../Compiler/SessionPass.php                  |  72 ----------
 .../DependencyInjection/Configuration.php     |   9 +-
 .../FrameworkExtension.php                    |  37 +----
 .../FrameworkBundle/FrameworkBundle.php       |   2 -
 .../Bundle/FrameworkBundle/KernelBrowser.php  |   4 +-
 .../Resources/config/session.php              |  70 ----------
 .../FrameworkBundle/Resources/config/test.php |   1 -
 .../Session/DeprecatedSessionFactory.php      |  46 -------
 .../Session/ServiceSessionFactory.php         |  41 ------
 .../Controller/AbstractControllerTest.php     |   2 -
 .../Compiler/SessionPassTest.php              |  95 -------------
 .../DependencyInjection/ConfigurationTest.php |   3 +-
 .../php/session_cookie_secure_auto_legacy.php |   9 --
 .../Fixtures/php/session_legacy.php           |   8 --
 .../xml/session_cookie_secure_auto_legacy.xml |  12 --
 .../Fixtures/xml/session_legacy.xml           |  12 --
 .../yml/session_cookie_secure_auto_legacy.yml |   5 -
 .../Fixtures/yml/session_legacy.yml           |   4 -
 .../FrameworkExtensionTest.php                |  42 +-----
 .../DeprecatedSessionController.php           |  16 ---
 .../InjectedFlashbagSessionController.php     |  36 -----
 .../TestBundle/Resources/config/routing.yml   |   8 --
 .../Tests/Functional/SessionTest.php          |  50 -------
 .../Tests/Functional/app/Session/config.yml   |   8 --
 .../RegisterTokenUsageTrackingPass.php        |   2 +-
 .../RegisterTokenUsageTrackingPassTest.php    |   2 -
 .../RequestTrackerSubscriber.php              |   3 +-
 .../RegisterServiceSubscribersPass.php        |   3 +-
 .../Session/Storage/ServiceSessionFactory.php |  38 ------
 .../EventListener/AbstractSessionListener.php |  20 +--
 .../AbstractTestSessionListener.php           |  13 +-
 .../EventListener/SessionListener.php         |  25 ----
 .../EventListener/TestSessionListener.php     |  18 ---
 .../EventListener/SessionListenerTest.php     | 127 ++++++++++++------
 .../EventListener/TestSessionListenerTest.php |   7 +-
 .../Storage/UsageTrackingTokenStorage.php     |  24 +---
 .../Tests/Firewall/ContextListenerTest.php    |   8 +-
 39 files changed, 117 insertions(+), 771 deletions(-)
 delete mode 100644 src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Compiler/SessionPass.php
 delete mode 100644 src/Symfony/Bundle/FrameworkBundle/Session/DeprecatedSessionFactory.php
 delete mode 100644 src/Symfony/Bundle/FrameworkBundle/Session/ServiceSessionFactory.php
 delete mode 100644 src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Compiler/SessionPassTest.php
 delete mode 100644 src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/php/session_cookie_secure_auto_legacy.php
 delete mode 100644 src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/php/session_legacy.php
 delete mode 100644 src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/xml/session_cookie_secure_auto_legacy.xml
 delete mode 100644 src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/xml/session_legacy.xml
 delete mode 100644 src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/yml/session_cookie_secure_auto_legacy.yml
 delete mode 100644 src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/yml/session_legacy.yml
 delete mode 100644 src/Symfony/Bundle/FrameworkBundle/Tests/Functional/Bundle/TestBundle/Controller/DeprecatedSessionController.php
 delete mode 100644 src/Symfony/Bundle/FrameworkBundle/Tests/Functional/Bundle/TestBundle/Controller/InjectedFlashbagSessionController.php
 delete mode 100644 src/Symfony/Component/HttpFoundation/Session/Storage/ServiceSessionFactory.php

diff --git a/src/Symfony/Bundle/FrameworkBundle/CHANGELOG.md b/src/Symfony/Bundle/FrameworkBundle/CHANGELOG.md
index d0526e2ab5aa9..f6edaf681065d 100644
--- a/src/Symfony/Bundle/FrameworkBundle/CHANGELOG.md
+++ b/src/Symfony/Bundle/FrameworkBundle/CHANGELOG.md
@@ -4,6 +4,10 @@ CHANGELOG
 6.0
 ---
 
+ * Remove the `session.storage` alias and `session.storage.*` services, use the `session.storage.factory` alias and `session.storage.factory.*` services instead
+ * Remove `framework.session.storage_id` configuration option, use the `framework.session.storage_factory_id` configuration option instead
+ * Remove the `session` service and the `SessionInterface` alias, use the `\Symfony\Component\HttpFoundation\Request::getSession()` or the new `\Symfony\Component\HttpFoundation\RequestStack::getSession()` methods instead
+ * Remove the `session.attribute_bag` service and `session.flash_bag` service
  * Remove the `lock.RESOURCE_NAME` and `lock.RESOURCE_NAME.store` services and the `lock`, `LockInterface`, `lock.store` and `PersistingStoreInterface` aliases, use `lock.RESOURCE_NAME.factory`, `lock.factory` or `LockFactory` instead
  * The `form.factory`, `form.type.file`, `translator`, `security.csrf.token_manager`, `serializer`,
    `cache_clearer`, `filesystem` and `validator` services are now private
diff --git a/src/Symfony/Bundle/FrameworkBundle/Controller/AbstractController.php b/src/Symfony/Bundle/FrameworkBundle/Controller/AbstractController.php
index c12a44437b72a..b56cd01f5b393 100644
--- a/src/Symfony/Bundle/FrameworkBundle/Controller/AbstractController.php
+++ b/src/Symfony/Bundle/FrameworkBundle/Controller/AbstractController.php
@@ -29,7 +29,6 @@
 use Symfony\Component\HttpFoundation\RequestStack;
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\HttpFoundation\ResponseHeaderBag;
-use Symfony\Component\HttpFoundation\Session\SessionInterface;
 use Symfony\Component\HttpFoundation\StreamedResponse;
 use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
 use Symfony\Component\HttpKernel\HttpKernelInterface;
@@ -93,7 +92,6 @@ public static function getSubscribedServices(): array
             'request_stack' => '?'.RequestStack::class,
             'http_kernel' => '?'.HttpKernelInterface::class,
             'serializer' => '?'.SerializerInterface::class,
-            'session' => '?'.SessionInterface::class,
             'security.authorization_checker' => '?'.AuthorizationCheckerInterface::class,
             'twig' => '?'.Environment::class,
             'doctrine' => '?'.ManagerRegistry::class, // to be removed in 6.0
diff --git a/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Compiler/SessionPass.php b/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Compiler/SessionPass.php
deleted file mode 100644
index 7230fc9fb4ce2..0000000000000
--- a/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Compiler/SessionPass.php
+++ /dev/null
@@ -1,72 +0,0 @@
-<?php
-
-/*
- * This file is part of the Symfony package.
- *
- * (c) Fabien Potencier <fabien@symfony.com>
- *
- * For the full copyright and license information, please view the LICENSE
- * file that was distributed with this source code.
- */
-
-namespace Symfony\Bundle\FrameworkBundle\DependencyInjection\Compiler;
-
-use Symfony\Component\DependencyInjection\Compiler\CompilerPassInterface;
-use Symfony\Component\DependencyInjection\ContainerBuilder;
-use Symfony\Component\DependencyInjection\Reference;
-
-/**
- * @internal to be removed in 6.0
- */
-class SessionPass implements CompilerPassInterface
-{
-    public function process(ContainerBuilder $container)
-    {
-        if (!$container->has('session.factory')) {
-            return;
-        }
-
-        // BC layer: Make "session" an alias of ".session.do-not-use" when not overridden by the user
-        if (!$container->has('session')) {
-            $alias = $container->setAlias('session', '.session.do-not-use');
-            $alias->setDeprecated('symfony/framework-bundle', '5.3', 'The "%alias_id%" service and "SessionInterface" alias are deprecated, use "$requestStack->getSession()" instead.');
-            // restore previous behavior
-            $alias->setPublic(true);
-
-            return;
-        }
-
-        if ($container->hasDefinition('session')) {
-            $definition = $container->getDefinition('session');
-            $definition->setDeprecated('symfony/framework-bundle', '5.3', 'The "%service_id%" service and "SessionInterface" alias are deprecated, use "$requestStack->getSession()" instead.');
-        } else {
-            $alias = $container->getAlias('session');
-            $alias->setDeprecated('symfony/framework-bundle', '5.3', 'The "%alias_id%" and "SessionInterface" aliases are deprecated, use "$requestStack->getSession()" instead.');
-            $definition = $container->findDefinition('session');
-        }
-
-        // Convert internal service `.session.do-not-use` into alias of `session`.
-        $container->setAlias('.session.do-not-use', 'session');
-
-        $bags = [
-            'session.flash_bag' => $container->hasDefinition('session.flash_bag') ? $container->getDefinition('session.flash_bag') : null,
-            'session.attribute_bag' => $container->hasDefinition('session.attribute_bag') ? $container->getDefinition('session.attribute_bag') : null,
-        ];
-
-        foreach ($definition->getArguments() as $v) {
-            if (!$v instanceof Reference || !isset($bags[$bag = (string) $v]) || !\is_array($factory = $bags[$bag]->getFactory())) {
-                continue;
-            }
-
-            if ([0, 1] !== array_keys($factory) || !$factory[0] instanceof Reference || !\in_array((string) $factory[0], ['session', '.session.do-not-use'], true)) {
-                continue;
-            }
-
-            if ('get'.ucfirst(substr($bag, 8, -4)).'Bag' !== $factory[1]) {
-                continue;
-            }
-
-            $bags[$bag]->setFactory(null);
-        }
-    }
-}
diff --git a/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Configuration.php b/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Configuration.php
index df1de717c7c62..3465c01aa26ce 100644
--- a/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Configuration.php
+++ b/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Configuration.php
@@ -610,15 +610,8 @@ private function addSessionSection(ArrayNodeDefinition $rootNode)
                 ->arrayNode('session')
                     ->info('session configuration')
                     ->canBeEnabled()
-                    ->beforeNormalization()
-                        ->ifTrue(function ($v) {
-                            return \is_array($v) && isset($v['storage_id']) && isset($v['storage_factory_id']);
-                        })
-                        ->thenInvalid('You cannot use both "storage_id" and "storage_factory_id" at the same time under "framework.session"')
-                    ->end()
                     ->children()
-                        ->scalarNode('storage_id')->defaultValue('session.storage.native')->end()
-                        ->scalarNode('storage_factory_id')->defaultNull()->end()
+                        ->scalarNode('storage_factory_id')->defaultValue('session.storage.factory.native')->end()
                         ->scalarNode('handler_id')->defaultValue('session.handler.native_file')->end()
                         ->scalarNode('name')
                             ->validate()
diff --git a/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/FrameworkExtension.php b/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/FrameworkExtension.php
index f738f683e65f4..5b3326213a5d6 100644
--- a/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/FrameworkExtension.php
+++ b/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/FrameworkExtension.php
@@ -73,7 +73,6 @@
 use Symfony\Component\HttpClient\RetryableHttpClient;
 use Symfony\Component\HttpClient\ScopingHttpClient;
 use Symfony\Component\HttpFoundation\Request;
-use Symfony\Component\HttpFoundation\Session\Storage\SessionStorageInterface;
 use Symfony\Component\HttpKernel\Attribute\AsController;
 use Symfony\Component\HttpKernel\CacheClearer\CacheClearerInterface;
 use Symfony\Component\HttpKernel\CacheWarmer\CacheWarmerInterface;
@@ -1057,20 +1056,7 @@ private function registerSessionConfiguration(array $config, ContainerBuilder $c
         $loader->load('session.php');
 
         // session storage
-        if (null === $config['storage_factory_id']) {
-            trigger_deprecation('symfony/framework-bundle', '5.3', 'Not setting the "framework.session.storage_factory_id" configuration option is deprecated, it will default to "session.storage.factory.native" and will replace the "framework.session.storage_id" configuration option in version 6.0.');
-            $container->setAlias('session.storage', $config['storage_id']);
-            $container->setAlias('session.storage.factory', 'session.storage.factory.service');
-        } else {
-            $container->setAlias('session.storage.factory', $config['storage_factory_id']);
-
-            $container->removeAlias(SessionStorageInterface::class);
-            $container->removeDefinition('session.storage.metadata_bag');
-            $container->removeDefinition('session.storage.native');
-            $container->removeDefinition('session.storage.php_bridge');
-            $container->removeDefinition('session.storage.mock_file');
-            $container->removeAlias('session.storage.filesystem');
-        }
+        $container->setAlias('session.storage.factory', $config['storage_factory_id']);
 
         $options = ['cache_limiter' => '0'];
         foreach (['name', 'cookie_lifetime', 'cookie_path', 'cookie_domain', 'cookie_secure', 'cookie_httponly', 'cookie_samesite', 'use_cookies', 'gc_maxlifetime', 'gc_probability', 'gc_divisor', 'sid_length', 'sid_bits_per_character'] as $key) {
@@ -1080,16 +1066,8 @@ private function registerSessionConfiguration(array $config, ContainerBuilder $c
         }
 
         if ('auto' === ($options['cookie_secure'] ?? null)) {
-            if (null === $config['storage_factory_id']) {
-                $locator = $container->getDefinition('session_listener')->getArgument(0);
-                $locator->setValues($locator->getValues() + [
-                    'session_storage' => new Reference('session.storage', ContainerInterface::IGNORE_ON_INVALID_REFERENCE),
-                    'request_stack' => new Reference('request_stack'),
-                ]);
-            } else {
-                $container->getDefinition('session.storage.factory.native')->replaceArgument(3, true);
-                $container->getDefinition('session.storage.factory.php_bridge')->replaceArgument(2, true);
-            }
+            $container->getDefinition('session.storage.factory.native')->replaceArgument(3, true);
+            $container->getDefinition('session.storage.factory.php_bridge')->replaceArgument(2, true);
         }
 
         $container->setParameter('session.storage.options', $options);
@@ -1097,13 +1075,8 @@ private function registerSessionConfiguration(array $config, ContainerBuilder $c
         // session handler (the internal callback registered with PHP session management)
         if (null === $config['handler_id']) {
             // Set the handler class to be null
-            if ($container->hasDefinition('session.storage.native')) {
-                $container->getDefinition('session.storage.native')->replaceArgument(1, null);
-                $container->getDefinition('session.storage.php_bridge')->replaceArgument(0, null);
-            } else {
-                $container->getDefinition('session.storage.factory.native')->replaceArgument(1, null);
-                $container->getDefinition('session.storage.factory.php_bridge')->replaceArgument(0, null);
-            }
+            $container->getDefinition('session.storage.factory.native')->replaceArgument(1, null);
+            $container->getDefinition('session.storage.factory.php_bridge')->replaceArgument(0, null);
 
             $container->setAlias('session.handler', 'session.handler.native_file');
         } else {
diff --git a/src/Symfony/Bundle/FrameworkBundle/FrameworkBundle.php b/src/Symfony/Bundle/FrameworkBundle/FrameworkBundle.php
index 7f439bb572f87..cfeef6e9f5862 100644
--- a/src/Symfony/Bundle/FrameworkBundle/FrameworkBundle.php
+++ b/src/Symfony/Bundle/FrameworkBundle/FrameworkBundle.php
@@ -20,7 +20,6 @@
 use Symfony\Bundle\FrameworkBundle\DependencyInjection\Compiler\LoggingTranslatorPass;
 use Symfony\Bundle\FrameworkBundle\DependencyInjection\Compiler\ProfilerPass;
 use Symfony\Bundle\FrameworkBundle\DependencyInjection\Compiler\RemoveUnusedSessionMarshallingHandlerPass;
-use Symfony\Bundle\FrameworkBundle\DependencyInjection\Compiler\SessionPass;
 use Symfony\Bundle\FrameworkBundle\DependencyInjection\Compiler\TestServiceContainerRealRefPass;
 use Symfony\Bundle\FrameworkBundle\DependencyInjection\Compiler\TestServiceContainerWeakRefPass;
 use Symfony\Bundle\FrameworkBundle\DependencyInjection\Compiler\UnusedTagsPass;
@@ -159,7 +158,6 @@ public function build(ContainerBuilder $container)
         $container->addCompilerPass(new RegisterReverseContainerPass(true));
         $container->addCompilerPass(new RegisterReverseContainerPass(false), PassConfig::TYPE_AFTER_REMOVING);
         $container->addCompilerPass(new RemoveUnusedSessionMarshallingHandlerPass());
-        $container->addCompilerPass(new SessionPass());
 
         if ($container->getParameter('kernel.debug')) {
             $container->addCompilerPass(new AddDebugLogProcessorPass(), PassConfig::TYPE_BEFORE_OPTIMIZATION, 2);
diff --git a/src/Symfony/Bundle/FrameworkBundle/KernelBrowser.php b/src/Symfony/Bundle/FrameworkBundle/KernelBrowser.php
index bd7804af088e7..dc38ac294ff3d 100644
--- a/src/Symfony/Bundle/FrameworkBundle/KernelBrowser.php
+++ b/src/Symfony/Bundle/FrameworkBundle/KernelBrowser.php
@@ -127,11 +127,11 @@ public function loginUser(object $user, string $firewallContext = 'main'): self
         $container = $this->getContainer();
         $container->get('security.untracked_token_storage')->setToken($token);
 
-        if (!$container->has('session') && !$container->has('session_factory')) {
+        if (!$container->has('session.factory')) {
             return $this;
         }
 
-        $session = $container->get($container->has('session') ? 'session' : 'session_factory');
+        $session = $container->get('session.factory')->createSession();
         $session->set('_security_'.$firewallContext, serialize($token));
         $session->save();
 
diff --git a/src/Symfony/Bundle/FrameworkBundle/Resources/config/session.php b/src/Symfony/Bundle/FrameworkBundle/Resources/config/session.php
index 43c0000dded40..185e85838271c 100644
--- a/src/Symfony/Bundle/FrameworkBundle/Resources/config/session.php
+++ b/src/Symfony/Bundle/FrameworkBundle/Resources/config/session.php
@@ -11,14 +11,7 @@
 
 namespace Symfony\Component\DependencyInjection\Loader\Configurator;
 
-use Symfony\Bundle\FrameworkBundle\Session\DeprecatedSessionFactory;
-use Symfony\Bundle\FrameworkBundle\Session\ServiceSessionFactory;
-use Symfony\Component\HttpFoundation\Session\Attribute\AttributeBag;
-use Symfony\Component\HttpFoundation\Session\Flash\FlashBag;
-use Symfony\Component\HttpFoundation\Session\Flash\FlashBagInterface;
-use Symfony\Component\HttpFoundation\Session\Session;
 use Symfony\Component\HttpFoundation\Session\SessionFactory;
-use Symfony\Component\HttpFoundation\Session\SessionInterface;
 use Symfony\Component\HttpFoundation\Session\Storage\Handler\AbstractSessionHandler;
 use Symfony\Component\HttpFoundation\Session\Storage\Handler\IdentityMarshaller;
 use Symfony\Component\HttpFoundation\Session\Storage\Handler\MarshallingSessionHandler;
@@ -26,21 +19,15 @@
 use Symfony\Component\HttpFoundation\Session\Storage\Handler\SessionHandlerFactory;
 use Symfony\Component\HttpFoundation\Session\Storage\Handler\StrictSessionHandler;
 use Symfony\Component\HttpFoundation\Session\Storage\MetadataBag;
-use Symfony\Component\HttpFoundation\Session\Storage\MockFileSessionStorage;
 use Symfony\Component\HttpFoundation\Session\Storage\MockFileSessionStorageFactory;
-use Symfony\Component\HttpFoundation\Session\Storage\NativeSessionStorage;
 use Symfony\Component\HttpFoundation\Session\Storage\NativeSessionStorageFactory;
-use Symfony\Component\HttpFoundation\Session\Storage\PhpBridgeSessionStorage;
 use Symfony\Component\HttpFoundation\Session\Storage\PhpBridgeSessionStorageFactory;
-use Symfony\Component\HttpFoundation\Session\Storage\SessionStorageInterface;
 use Symfony\Component\HttpKernel\EventListener\SessionListener;
 
 return static function (ContainerConfigurator $container) {
     $container->parameters()->set('session.metadata.storage_key', '_sf2_meta');
 
     $container->services()
-        ->set('.session.do-not-use', Session::class) // to be removed in 6.0
-            ->factory([service('session.factory'), 'createSession'])
         ->set('session.factory', SessionFactory::class)
             ->args([
                 service('request_stack'),
@@ -79,60 +66,9 @@
                         param('session.metadata.update_threshold'),
                     ]),
             ])
-        ->set('session.storage.factory.service', ServiceSessionFactory::class)
-            ->args([
-                service('session.storage'),
-            ])
-            ->deprecate('symfony/framework-bundle', '5.3', 'The "%service_id%" service is deprecated, use "session.storage.factory.native", "session.storage.factory.php_bridge" or "session.storage.factory.mock_file" instead.')
 
-        ->set('.session.deprecated', SessionInterface::class) // to be removed in 6.0
-            ->factory([inline_service(DeprecatedSessionFactory::class)->args([service('request_stack')]), 'getSession'])
-        ->alias(SessionInterface::class, '.session.do-not-use')
-            ->deprecate('symfony/framework-bundle', '5.3', 'The "%alias_id%" and "SessionInterface" aliases are deprecated, use "$requestStack->getSession()" instead.')
-        ->alias(SessionStorageInterface::class, 'session.storage')
-            ->deprecate('symfony/framework-bundle', '5.3', 'The "%alias_id%" alias is deprecated, use "session.storage.factory" instead.')
         ->alias(\SessionHandlerInterface::class, 'session.handler')
 
-        ->set('session.storage.metadata_bag', MetadataBag::class)
-            ->args([
-                param('session.metadata.storage_key'),
-                param('session.metadata.update_threshold'),
-            ])
-            ->deprecate('symfony/framework-bundle', '5.3', 'The "%service_id%" service is deprecated, create your own "session.storage.factory" instead.')
-
-        ->set('session.storage.native', NativeSessionStorage::class)
-            ->args([
-                param('session.storage.options'),
-                service('session.handler'),
-                service('session.storage.metadata_bag'),
-            ])
-            ->deprecate('symfony/framework-bundle', '5.3', 'The "%service_id%" service is deprecated, use "session.storage.factory.native" instead.')
-
-        ->set('session.storage.php_bridge', PhpBridgeSessionStorage::class)
-            ->args([
-                service('session.handler'),
-                service('session.storage.metadata_bag'),
-            ])
-            ->deprecate('symfony/framework-bundle', '5.3', 'The "%service_id%" service is deprecated, use "session.storage.factory.php_bridge" instead.')
-
-        ->set('session.flash_bag', FlashBag::class)
-            ->factory([service('.session.do-not-use'), 'getFlashBag'])
-            ->deprecate('symfony/framework-bundle', '5.1', 'The "%service_id%" service is deprecated, use "$session->getFlashBag()" instead.')
-        ->alias(FlashBagInterface::class, 'session.flash_bag')
-
-        ->set('session.attribute_bag', AttributeBag::class)
-            ->factory([service('.session.do-not-use'), 'getBag'])
-            ->args(['attributes'])
-            ->deprecate('symfony/framework-bundle', '5.1', 'The "%service_id%" service is deprecated, use "$session->getAttributeBag()" instead.')
-
-        ->set('session.storage.mock_file', MockFileSessionStorage::class)
-            ->args([
-                param('kernel.cache_dir').'/sessions',
-                'MOCKSESSID',
-                service('session.storage.metadata_bag'),
-            ])
-            ->deprecate('symfony/framework-bundle', '5.3', 'The "%service_id%" service is deprecated, use "session.storage.factory.mock_file" instead.')
-
         ->set('session.handler.native_file', StrictSessionHandler::class)
             ->args([
                 inline_service(NativeFileSessionHandler::class)
@@ -147,8 +83,6 @@
             ->args([
                 service_locator([
                     'session_factory' => service('session.factory')->ignoreOnInvalid(),
-                    'session' => service('.session.do-not-use')->ignoreOnInvalid(),
-                    'initialized_session' => service('.session.do-not-use')->ignoreOnUninitialized(),
                     'logger' => service('logger')->ignoreOnInvalid(),
                     'session_collector' => service('data_collector.request.session_collector')->ignoreOnInvalid(),
                 ]),
@@ -158,10 +92,6 @@
             ->tag('kernel.event_subscriber')
             ->tag('kernel.reset', ['method' => 'reset'])
 
-        // for BC
-        ->alias('session.storage.filesystem', 'session.storage.mock_file')
-            ->deprecate('symfony/framework-bundle', '5.3', 'The "%alias_id%" alias is deprecated, use "session.storage.factory.mock_file" instead.')
-
         ->set('session.marshaller', IdentityMarshaller::class)
 
         ->set('session.marshalling_handler', MarshallingSessionHandler::class)
diff --git a/src/Symfony/Bundle/FrameworkBundle/Resources/config/test.php b/src/Symfony/Bundle/FrameworkBundle/Resources/config/test.php
index 76709595bf4b6..cef5dfc4ce80d 100644
--- a/src/Symfony/Bundle/FrameworkBundle/Resources/config/test.php
+++ b/src/Symfony/Bundle/FrameworkBundle/Resources/config/test.php
@@ -38,7 +38,6 @@
         ->set('test.session.listener', SessionListener::class)
             ->args([
                 service_locator([
-                    'session' => service('.session.do-not-use')->ignoreOnInvalid(),
                     'session_factory' => service('session.factory')->ignoreOnInvalid(),
                 ]),
                 param('kernel.debug'),
diff --git a/src/Symfony/Bundle/FrameworkBundle/Session/DeprecatedSessionFactory.php b/src/Symfony/Bundle/FrameworkBundle/Session/DeprecatedSessionFactory.php
deleted file mode 100644
index faa29a1c7ef59..0000000000000
--- a/src/Symfony/Bundle/FrameworkBundle/Session/DeprecatedSessionFactory.php
+++ /dev/null
@@ -1,46 +0,0 @@
-<?php
-
-/*
- * This file is part of the Symfony package.
- *
- * (c) Fabien Potencier <fabien@symfony.com>
- *
- * For the full copyright and license information, please view the LICENSE
- * file that was distributed with this source code.
- */
-
-namespace Symfony\Bundle\FrameworkBundle\Session;
-
-use Symfony\Component\HttpFoundation\Exception\SessionNotFoundException;
-use Symfony\Component\HttpFoundation\RequestStack;
-use Symfony\Component\HttpFoundation\Session\SessionInterface;
-
-/**
- * Provides session and trigger deprecation.
- *
- * Used by service that should trigger deprecation when accessed by the user.
- *
- * @author Jérémy Derussé <jeremy@derusse.com>
- *
- * @internal to be removed in 6.0
- */
-class DeprecatedSessionFactory
-{
-    private $requestStack;
-
-    public function __construct(RequestStack $requestStack)
-    {
-        $this->requestStack = $requestStack;
-    }
-
-    public function getSession(): ?SessionInterface
-    {
-        trigger_deprecation('symfony/framework-bundle', '5.3', 'The "session" service and "SessionInterface" alias are deprecated, use "$requestStack->getSession()" instead.');
-
-        try {
-            return $this->requestStack->getSession();
-        } catch (SessionNotFoundException $e) {
-            return null;
-        }
-    }
-}
diff --git a/src/Symfony/Bundle/FrameworkBundle/Session/ServiceSessionFactory.php b/src/Symfony/Bundle/FrameworkBundle/Session/ServiceSessionFactory.php
deleted file mode 100644
index c057375016f25..0000000000000
--- a/src/Symfony/Bundle/FrameworkBundle/Session/ServiceSessionFactory.php
+++ /dev/null
@@ -1,41 +0,0 @@
-<?php
-
-/*
- * This file is part of the Symfony package.
- *
- * (c) Fabien Potencier <fabien@symfony.com>
- *
- * For the full copyright and license information, please view the LICENSE
- * file that was distributed with this source code.
- */
-
-namespace Symfony\Bundle\FrameworkBundle\Session;
-
-use Symfony\Component\HttpFoundation\Request;
-use Symfony\Component\HttpFoundation\Session\Storage\NativeSessionStorage;
-use Symfony\Component\HttpFoundation\Session\Storage\SessionStorageFactoryInterface;
-use Symfony\Component\HttpFoundation\Session\Storage\SessionStorageInterface;
-
-/**
- * @author Jérémy Derussé <jeremy@derusse.com>
- *
- * @internal to be removed in Symfony 6
- */
-final class ServiceSessionFactory implements SessionStorageFactoryInterface
-{
-    private $storage;
-
-    public function __construct(SessionStorageInterface $storage)
-    {
-        $this->storage = $storage;
-    }
-
-    public function createStorage(?Request $request): SessionStorageInterface
-    {
-        if ($this->storage instanceof NativeSessionStorage && $request && $request->isSecure()) {
-            $this->storage->setOptions(['cookie_secure' => true]);
-        }
-
-        return $this->storage;
-    }
-}
diff --git a/src/Symfony/Bundle/FrameworkBundle/Tests/Controller/AbstractControllerTest.php b/src/Symfony/Bundle/FrameworkBundle/Tests/Controller/AbstractControllerTest.php
index 128e85c9be7e1..a0e7e1caba524 100644
--- a/src/Symfony/Bundle/FrameworkBundle/Tests/Controller/AbstractControllerTest.php
+++ b/src/Symfony/Bundle/FrameworkBundle/Tests/Controller/AbstractControllerTest.php
@@ -67,7 +67,6 @@ public function testSubscribedServices()
             'request_stack' => '?Symfony\\Component\\HttpFoundation\\RequestStack',
             'http_kernel' => '?Symfony\\Component\\HttpKernel\\HttpKernelInterface',
             'serializer' => '?Symfony\\Component\\Serializer\\SerializerInterface',
-            'session' => '?Symfony\\Component\\HttpFoundation\\Session\\SessionInterface',
             'security.authorization_checker' => '?Symfony\\Component\\Security\\Core\\Authorization\\AuthorizationCheckerInterface',
             'twig' => '?Twig\\Environment',
             'doctrine' => '?Doctrine\\Persistence\\ManagerRegistry',
@@ -492,7 +491,6 @@ public function testAddFlash()
         $requestStack->push($request);
 
         $container = new Container();
-        $container->set('session', $session);
         $container->set('request_stack', $requestStack);
 
         $controller = $this->createController();
diff --git a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Compiler/SessionPassTest.php b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Compiler/SessionPassTest.php
deleted file mode 100644
index 7cbb3262f131f..0000000000000
--- a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Compiler/SessionPassTest.php
+++ /dev/null
@@ -1,95 +0,0 @@
-<?php
-
-/*
- * This file is part of the Symfony package.
- *
- * (c) Fabien Potencier <fabien@symfony.com>
- *
- * For the full copyright and license information, please view the LICENSE
- * file that was distributed with this source code.
- */
-
-namespace Symfony\Bundle\FrameworkBundle\Tests\DependencyInjection\Compiler;
-
-use PHPUnit\Framework\TestCase;
-use Symfony\Bundle\FrameworkBundle\DependencyInjection\Compiler\SessionPass;
-use Symfony\Component\DependencyInjection\ContainerBuilder;
-use Symfony\Component\DependencyInjection\Reference;
-
-class SessionPassTest extends TestCase
-{
-    public function testProcess()
-    {
-        $container = new ContainerBuilder();
-        $container
-            ->register('session.factory'); // marker service
-        $container
-            ->register('.session.do-not-use');
-
-        (new SessionPass())->process($container);
-
-        $this->assertTrue($container->hasAlias('session'));
-        $this->assertSame($container->findDefinition('session'), $container->getDefinition('.session.do-not-use'));
-        $this->assertTrue($container->getAlias('session')->isDeprecated());
-    }
-
-    public function testProcessUserDefinedSession()
-    {
-        $arguments = [
-            new Reference('session.flash_bag'),
-            new Reference('session.attribute_bag'),
-        ];
-        $container = new ContainerBuilder();
-        $container
-            ->register('session.factory'); // marker service
-        $container
-            ->register('session')
-            ->setArguments($arguments);
-        $container
-            ->register('session.flash_bag')
-            ->setFactory([new Reference('.session.do-not-use'), 'getFlashBag']);
-        $container
-            ->register('session.attribute_bag')
-            ->setFactory([new Reference('.session.do-not-use'), 'getAttributeBag']);
-
-        (new SessionPass())->process($container);
-
-        $this->assertSame($arguments, $container->getDefinition('session')->getArguments());
-        $this->assertNull($container->getDefinition('session.flash_bag')->getFactory());
-        $this->assertNull($container->getDefinition('session.attribute_bag')->getFactory());
-        $this->assertTrue($container->hasAlias('.session.do-not-use'));
-        $this->assertSame($container->getDefinition('session'), $container->findDefinition('.session.do-not-use'));
-        $this->assertTrue($container->getDefinition('session')->isDeprecated());
-    }
-
-    public function testProcessUserDefinedAlias()
-    {
-        $arguments = [
-            new Reference('session.flash_bag'),
-            new Reference('session.attribute_bag'),
-        ];
-        $container = new ContainerBuilder();
-        $container
-            ->register('session.factory'); // marker service
-        $container
-            ->register('trueSession')
-            ->setArguments($arguments);
-        $container
-            ->setAlias('session', 'trueSession');
-        $container
-            ->register('session.flash_bag')
-            ->setFactory([new Reference('.session.do-not-use'), 'getFlashBag']);
-        $container
-            ->register('session.attribute_bag')
-            ->setFactory([new Reference('.session.do-not-use'), 'getAttributeBag']);
-
-        (new SessionPass())->process($container);
-
-        $this->assertSame($arguments, $container->findDefinition('session')->getArguments());
-        $this->assertNull($container->getDefinition('session.flash_bag')->getFactory());
-        $this->assertNull($container->getDefinition('session.attribute_bag')->getFactory());
-        $this->assertTrue($container->hasAlias('.session.do-not-use'));
-        $this->assertSame($container->findDefinition('session'), $container->findDefinition('.session.do-not-use'));
-        $this->assertTrue($container->getAlias('session')->isDeprecated());
-    }
-}
diff --git a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/ConfigurationTest.php b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/ConfigurationTest.php
index 9d1f5ea421d37..ebf37c8a07bdb 100644
--- a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/ConfigurationTest.php
+++ b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/ConfigurationTest.php
@@ -468,8 +468,7 @@ protected static function getBundleDefaultConfig()
             ],
             'session' => [
                 'enabled' => false,
-                'storage_id' => 'session.storage.native',
-                'storage_factory_id' => null,
+                'storage_factory_id' => 'session.storage.factory.native',
                 'handler_id' => 'session.handler.native_file',
                 'cookie_httponly' => true,
                 'cookie_samesite' => null,
diff --git a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/php/session_cookie_secure_auto_legacy.php b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/php/session_cookie_secure_auto_legacy.php
deleted file mode 100644
index 23cd73767bd88..0000000000000
--- a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/php/session_cookie_secure_auto_legacy.php
+++ /dev/null
@@ -1,9 +0,0 @@
-<?php
-
-// To be removed in Symfony 6.0
-$container->loadFromExtension('framework', [
-    'session' => [
-        'handler_id' => null,
-        'cookie_secure' => 'auto',
-    ],
-]);
diff --git a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/php/session_legacy.php b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/php/session_legacy.php
deleted file mode 100644
index e453305799971..0000000000000
--- a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/php/session_legacy.php
+++ /dev/null
@@ -1,8 +0,0 @@
-<?php
-
-// To be removed in Symfony 6.0
-$container->loadFromExtension('framework', [
-    'session' => [
-        'handler_id' => null,
-    ],
-]);
diff --git a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/xml/session_cookie_secure_auto_legacy.xml b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/xml/session_cookie_secure_auto_legacy.xml
deleted file mode 100644
index 6893400865a8b..0000000000000
--- a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/xml/session_cookie_secure_auto_legacy.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<?xml version="1.0" ?>
-<!-- To be removed in Symfony 6.0 -->
-<container xmlns="http://symfony.com/schema/dic/services"
-    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-    xmlns:framework="http://symfony.com/schema/dic/symfony"
-    xsi:schemaLocation="http://symfony.com/schema/dic/services https://symfony.com/schema/dic/services/services-1.0.xsd
-                        http://symfony.com/schema/dic/symfony https://symfony.com/schema/dic/symfony/symfony-1.0.xsd">
-
-    <framework:config>
-        <framework:session handler-id="null" cookie-secure="auto" />
-    </framework:config>
-</container>
diff --git a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/xml/session_legacy.xml b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/xml/session_legacy.xml
deleted file mode 100644
index 326cf268d967f..0000000000000
--- a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/xml/session_legacy.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<?xml version="1.0" ?>
-<!-- To be removed in Symfony 6.0 -->
-<container xmlns="http://symfony.com/schema/dic/services"
-    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-    xmlns:framework="http://symfony.com/schema/dic/symfony"
-    xsi:schemaLocation="http://symfony.com/schema/dic/services https://symfony.com/schema/dic/services/services-1.0.xsd
-                        http://symfony.com/schema/dic/symfony https://symfony.com/schema/dic/symfony/symfony-1.0.xsd">
-
-    <framework:config>
-        <framework:session handler-id="null"/>
-    </framework:config>
-</container>
diff --git a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/yml/session_cookie_secure_auto_legacy.yml b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/yml/session_cookie_secure_auto_legacy.yml
deleted file mode 100644
index bac546c371b19..0000000000000
--- a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/yml/session_cookie_secure_auto_legacy.yml
+++ /dev/null
@@ -1,5 +0,0 @@
-# to be removed in Symfony 6.0
-framework:
-    session:
-        handler_id: ~
-        cookie_secure: auto
diff --git a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/yml/session_legacy.yml b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/yml/session_legacy.yml
deleted file mode 100644
index 171fadd07601a..0000000000000
--- a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/yml/session_legacy.yml
+++ /dev/null
@@ -1,4 +0,0 @@
-# to be removed in Symfony 6.0
-framework:
-    session:
-        handler_id: null
diff --git a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/FrameworkExtensionTest.php b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/FrameworkExtensionTest.php
index e20736f7b9d69..fc889af6a83d4 100644
--- a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/FrameworkExtensionTest.php
+++ b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/FrameworkExtensionTest.php
@@ -50,7 +50,6 @@
 use Symfony\Component\HttpClient\MockHttpClient;
 use Symfony\Component\HttpClient\RetryableHttpClient;
 use Symfony\Component\HttpClient\ScopingHttpClient;
-use Symfony\Component\HttpFoundation\Session\SessionInterface;
 use Symfony\Component\HttpKernel\DependencyInjection\LoggerPass;
 use Symfony\Component\HttpKernel\Fragment\FragmentUriGeneratorInterface;
 use Symfony\Component\Messenger\Transport\TransportFactory;
@@ -547,12 +546,8 @@ public function testSession()
     {
         $container = $this->createContainerFromFile('full');
 
-        $this->assertTrue($container->hasAlias(SessionInterface::class), '->registerSessionConfiguration() loads session.xml');
         $this->assertEquals('fr', $container->getParameter('kernel.default_locale'));
         $this->assertEquals('session.storage.factory.native', (string) $container->getAlias('session.storage.factory'));
-        $this->assertFalse($container->has('session.storage'));
-        $this->assertFalse($container->has('session.storage.native'));
-        $this->assertFalse($container->has('session.storage.php_bridge'));
         $this->assertEquals('session.handler.native_file', (string) $container->getAlias('session.handler'));
 
         $options = $container->getParameter('session.storage.options');
@@ -576,31 +571,11 @@ public function testNullSessionHandler()
     {
         $container = $this->createContainerFromFile('session');
 
-        $this->assertTrue($container->hasAlias(SessionInterface::class), '->registerSessionConfiguration() loads session.xml');
         $this->assertNull($container->getDefinition('session.storage.factory.native')->getArgument(1));
         $this->assertNull($container->getDefinition('session.storage.factory.php_bridge')->getArgument(0));
         $this->assertSame('session.handler.native_file', (string) $container->getAlias('session.handler'));
 
-        $expected = ['session_factory', 'session', 'initialized_session', 'logger', 'session_collector'];
-        $this->assertEquals($expected, array_keys($container->getDefinition('session_listener')->getArgument(0)->getValues()));
-        $this->assertFalse($container->getDefinition('session.storage.factory.native')->getArgument(3));
-    }
-
-    /**
-     * @group legacy
-     */
-    public function testNullSessionHandlerLegacy()
-    {
-        $this->expectDeprecation('Since symfony/framework-bundle 5.3: Not setting the "framework.session.storage_factory_id" configuration option is deprecated, it will default to "session.storage.factory.native" and will replace the "framework.session.storage_id" configuration option in version 6.0.');
-
-        $container = $this->createContainerFromFile('session_legacy');
-
-        $this->assertTrue($container->hasAlias(SessionInterface::class), '->registerSessionConfiguration() loads session.xml');
-        $this->assertNull($container->getDefinition('session.storage.native')->getArgument(1));
-        $this->assertNull($container->getDefinition('session.storage.php_bridge')->getArgument(0));
-        $this->assertSame('session.handler.native_file', (string) $container->getAlias('session.handler'));
-
-        $expected = ['session_factory', 'session', 'initialized_session', 'logger', 'session_collector'];
+        $expected = ['session_factory', 'logger', 'session_collector'];
         $this->assertEquals($expected, array_keys($container->getDefinition('session_listener')->getArgument(0)->getValues()));
         $this->assertFalse($container->getDefinition('session.storage.factory.native')->getArgument(3));
     }
@@ -1627,20 +1602,7 @@ public function testSessionCookieSecureAuto()
     {
         $container = $this->createContainerFromFile('session_cookie_secure_auto');
 
-        $expected = ['session_factory', 'session', 'initialized_session', 'logger', 'session_collector'];
-        $this->assertEquals($expected, array_keys($container->getDefinition('session_listener')->getArgument(0)->getValues()));
-    }
-
-    /**
-     * @group legacy
-     */
-    public function testSessionCookieSecureAutoLegacy()
-    {
-        $this->expectDeprecation('Since symfony/framework-bundle 5.3: Not setting the "framework.session.storage_factory_id" configuration option is deprecated, it will default to "session.storage.factory.native" and will replace the "framework.session.storage_id" configuration option in version 6.0.');
-
-        $container = $this->createContainerFromFile('session_cookie_secure_auto_legacy');
-
-        $expected = ['session_factory', 'session', 'initialized_session', 'logger', 'session_collector', 'session_storage', 'request_stack'];
+        $expected = ['session_factory', 'logger', 'session_collector'];
         $this->assertEquals($expected, array_keys($container->getDefinition('session_listener')->getArgument(0)->getValues()));
     }
 
diff --git a/src/Symfony/Bundle/FrameworkBundle/Tests/Functional/Bundle/TestBundle/Controller/DeprecatedSessionController.php b/src/Symfony/Bundle/FrameworkBundle/Tests/Functional/Bundle/TestBundle/Controller/DeprecatedSessionController.php
deleted file mode 100644
index 75e9673c35a71..0000000000000
--- a/src/Symfony/Bundle/FrameworkBundle/Tests/Functional/Bundle/TestBundle/Controller/DeprecatedSessionController.php
+++ /dev/null
@@ -1,16 +0,0 @@
-<?php
-
-namespace Symfony\Bundle\FrameworkBundle\Tests\Functional\Bundle\TestBundle\Controller;
-
-use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
-use Symfony\Component\HttpFoundation\Response;
-
-class DeprecatedSessionController extends AbstractController
-{
-    public function triggerAction()
-    {
-        $this->get('session');
-
-        return new Response('done');
-    }
-}
diff --git a/src/Symfony/Bundle/FrameworkBundle/Tests/Functional/Bundle/TestBundle/Controller/InjectedFlashbagSessionController.php b/src/Symfony/Bundle/FrameworkBundle/Tests/Functional/Bundle/TestBundle/Controller/InjectedFlashbagSessionController.php
deleted file mode 100644
index 20c33a17e4353..0000000000000
--- a/src/Symfony/Bundle/FrameworkBundle/Tests/Functional/Bundle/TestBundle/Controller/InjectedFlashbagSessionController.php
+++ /dev/null
@@ -1,36 +0,0 @@
-<?php
-
-namespace Symfony\Bundle\FrameworkBundle\Tests\Functional\Bundle\TestBundle\Controller;
-
-use Symfony\Component\HttpFoundation\RedirectResponse;
-use Symfony\Component\HttpFoundation\Request;
-use Symfony\Component\HttpFoundation\Session\Flash\FlashBagInterface;
-use Symfony\Component\Routing\RouterInterface;
-
-class InjectedFlashbagSessionController
-{
-    /**
-     * @var FlashBagInterface
-     */
-    private $flashBag;
-
-    /**
-     * @var RouterInterface
-     */
-    private $router;
-
-    public function __construct(
-        FlashBagInterface $flashBag,
-        RouterInterface $router
-    ) {
-        $this->flashBag = $flashBag;
-        $this->router = $router;
-    }
-
-    public function setFlashAction(Request $request, $message)
-    {
-        $this->flashBag->add('notice', $message);
-
-        return new RedirectResponse($this->router->generate('session_showflash'));
-    }
-}
diff --git a/src/Symfony/Bundle/FrameworkBundle/Tests/Functional/Bundle/TestBundle/Resources/config/routing.yml b/src/Symfony/Bundle/FrameworkBundle/Tests/Functional/Bundle/TestBundle/Resources/config/routing.yml
index d790c1a13125b..8d41ce3267131 100644
--- a/src/Symfony/Bundle/FrameworkBundle/Tests/Functional/Bundle/TestBundle/Resources/config/routing.yml
+++ b/src/Symfony/Bundle/FrameworkBundle/Tests/Functional/Bundle/TestBundle/Resources/config/routing.yml
@@ -18,14 +18,6 @@ session_setflash:
     path:     /session_setflash/{message}
     defaults: { _controller: Symfony\Bundle\FrameworkBundle\Tests\Functional\Bundle\TestBundle\Controller\SessionController::setFlashAction }
 
-injected_flashbag_session_setflash:
-    path:     injected_flashbag/session_setflash/{message}
-    defaults: { _controller: Symfony\Bundle\FrameworkBundle\Tests\Functional\Bundle\TestBundle\Controller\InjectedFlashbagSessionController::setFlashAction}
-
-deprecated_session_setflash:
-    path:     /deprecated_session/trigger
-    defaults: { _controller: Symfony\Bundle\FrameworkBundle\Tests\Functional\Bundle\TestBundle\Controller\DeprecatedSessionController::triggerAction}
-
 session_showflash:
     path:     /session_showflash
     defaults: { _controller: Symfony\Bundle\FrameworkBundle\Tests\Functional\Bundle\TestBundle\Controller\SessionController::showFlashAction }
diff --git a/src/Symfony/Bundle/FrameworkBundle/Tests/Functional/SessionTest.php b/src/Symfony/Bundle/FrameworkBundle/Tests/Functional/SessionTest.php
index 7d66ff1726657..ae8c7afafd425 100644
--- a/src/Symfony/Bundle/FrameworkBundle/Tests/Functional/SessionTest.php
+++ b/src/Symfony/Bundle/FrameworkBundle/Tests/Functional/SessionTest.php
@@ -11,12 +11,8 @@
 
 namespace Symfony\Bundle\FrameworkBundle\Tests\Functional;
 
-use Symfony\Bridge\PhpUnit\ExpectDeprecationTrait;
-
 class SessionTest extends AbstractWebTestCase
 {
-    use ExpectDeprecationTrait;
-
     /**
      * Tests session attributes persist.
      *
@@ -73,52 +69,6 @@ public function testFlash($config, $insulate)
         $this->assertStringContainsString('No flash was set.', $crawler->text());
     }
 
-    /**
-     * Tests flash messages work when flashbag service is injected to the constructor.
-     *
-     * @group legacy
-     * @dataProvider getConfigs
-     */
-    public function testFlashOnInjectedFlashbag($config, $insulate)
-    {
-        $this->expectDeprecation('Since symfony/framework-bundle 5.1: The "session.flash_bag" service is deprecated, use "$session->getFlashBag()" instead.');
-
-        $client = $this->createClient(['test_case' => 'Session', 'root_config' => $config]);
-        if ($insulate) {
-            $client->insulate();
-        }
-
-        // set flash
-        $client->request('GET', '/injected_flashbag/session_setflash/Hello%20world.');
-
-        // check flash displays on redirect
-        $this->assertStringContainsString('Hello world.', $client->followRedirect()->text());
-
-        // check flash is gone
-        $crawler = $client->request('GET', '/session_showflash');
-        $this->assertStringContainsString('No flash was set.', $crawler->text());
-    }
-
-    /**
-     * @group legacy
-     * @dataProvider getConfigs
-     */
-    public function testSessionServiceTriggerDeprecation($config, $insulate)
-    {
-        $this->expectDeprecation('Since symfony/framework-bundle 5.3: The "session" service and "SessionInterface" alias are deprecated, use "$requestStack->getSession()" instead.');
-
-        $client = $this->createClient(['test_case' => 'Session', 'root_config' => $config]);
-        if ($insulate) {
-            $client->insulate();
-        }
-
-        // trigger deprecation
-        $crawler = $client->request('GET', '/deprecated_session/trigger');
-
-        // check response
-        $this->assertStringContainsString('done', $crawler->text());
-    }
-
     /**
      * See if two separate insulated clients can run without
      * polluting each other's session data.
diff --git a/src/Symfony/Bundle/FrameworkBundle/Tests/Functional/app/Session/config.yml b/src/Symfony/Bundle/FrameworkBundle/Tests/Functional/app/Session/config.yml
index 03ee4fb151104..ad6bdb691ca52 100644
--- a/src/Symfony/Bundle/FrameworkBundle/Tests/Functional/app/Session/config.yml
+++ b/src/Symfony/Bundle/FrameworkBundle/Tests/Functional/app/Session/config.yml
@@ -5,11 +5,3 @@ services:
     Symfony\Bundle\FrameworkBundle\Tests\Functional\Bundle\TestBundle\Controller\SubRequestController:
         tags:
             - { name: controller.service_arguments, action: indexAction, argument: handler, id: fragment.handler }
-
-    Symfony\Bundle\FrameworkBundle\Tests\Functional\Bundle\TestBundle\Controller\InjectedFlashbagSessionController:
-        autowire: true
-        tags: ['controller.service_arguments']
-
-    Symfony\Bundle\FrameworkBundle\Tests\Functional\Bundle\TestBundle\Controller\DeprecatedSessionController:
-        autowire: true
-        autoconfigure: true
diff --git a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Compiler/RegisterTokenUsageTrackingPass.php b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Compiler/RegisterTokenUsageTrackingPass.php
index 5ba017f51e386..b26a32b5a7d6d 100644
--- a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Compiler/RegisterTokenUsageTrackingPass.php
+++ b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Compiler/RegisterTokenUsageTrackingPass.php
@@ -41,7 +41,7 @@ public function process(ContainerBuilder $container)
             TokenStorageInterface::class => new BoundArgument(new Reference('security.untracked_token_storage'), false),
         ]);
 
-        if (!$container->has('session.factory') && !$container->has('session.storage')) {
+        if (!$container->has('session.factory')) {
             $container->setAlias('security.token_storage', 'security.untracked_token_storage')->setPublic(true);
             $container->getDefinition('security.untracked_token_storage')->addTag('kernel.reset', ['method' => 'reset']);
         } elseif ($container->hasDefinition('security.context_listener')) {
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Compiler/RegisterTokenUsageTrackingPassTest.php b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Compiler/RegisterTokenUsageTrackingPassTest.php
index 57f12a8e911d5..cfc363b557c2c 100644
--- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Compiler/RegisterTokenUsageTrackingPassTest.php
+++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Compiler/RegisterTokenUsageTrackingPassTest.php
@@ -17,7 +17,6 @@
 use Symfony\Component\DependencyInjection\ContainerBuilder;
 use Symfony\Component\DependencyInjection\ContainerInterface;
 use Symfony\Component\DependencyInjection\Reference;
-use Symfony\Component\HttpFoundation\Session\Session;
 use Symfony\Component\HttpFoundation\Session\SessionFactory;
 use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorage;
 use Symfony\Component\Security\Core\Authentication\Token\Storage\UsageTrackingTokenStorage;
@@ -42,7 +41,6 @@ public function testContextListenerIsNotModifiedIfTokenStorageDoesNotSupportUsag
         $container = new ContainerBuilder();
 
         $container->setParameter('security.token_storage.class', TokenStorage::class);
-        $container->register('session', Session::class);
         $container->register('security.context_listener', ContextListener::class)
             ->setArguments([
                 new Reference('security.untracked_token_storage'),
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/Bundle/RequestTrackerBundle/EventSubscriber/RequestTrackerSubscriber.php b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/Bundle/RequestTrackerBundle/EventSubscriber/RequestTrackerSubscriber.php
index 24a0357d84022..9496200e0486d 100644
--- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/Bundle/RequestTrackerBundle/EventSubscriber/RequestTrackerSubscriber.php
+++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/Bundle/RequestTrackerBundle/EventSubscriber/RequestTrackerSubscriber.php
@@ -17,8 +17,7 @@
 
 final class RequestTrackerSubscriber implements EventSubscriberInterface
 {
-    /** @var ?Request */
-    private $lastRequest;
+    private ?Request $lastRequest;
 
     public static function getSubscribedEvents(): array
     {
diff --git a/src/Symfony/Component/DependencyInjection/Compiler/RegisterServiceSubscribersPass.php b/src/Symfony/Component/DependencyInjection/Compiler/RegisterServiceSubscribersPass.php
index d01eff40b452f..528ac55fef08e 100644
--- a/src/Symfony/Component/DependencyInjection/Compiler/RegisterServiceSubscribersPass.php
+++ b/src/Symfony/Component/DependencyInjection/Compiler/RegisterServiceSubscribersPass.php
@@ -68,6 +68,7 @@ protected function processValue(mixed $value, bool $isRoot = false): mixed
             throw new InvalidArgumentException(sprintf('Service "%s" must implement interface "%s".', $this->currentId, ServiceSubscriberInterface::class));
         }
         $class = $r->name;
+        // to remove when symfony/dependency-injection will stop being compatible with symfony/framework-bundle<6.0
         $replaceDeprecatedSession = $this->container->has('.session.deprecated') && $r->isSubclassOf(AbstractController::class);
         $subscriberMap = [];
 
@@ -89,7 +90,7 @@ protected function processValue(mixed $value, bool $isRoot = false): mixed
                 }
                 if ($replaceDeprecatedSession && SessionInterface::class === $type) {
                     // This prevents triggering the deprecation when building the container
-                    // Should be removed in Symfony 6.0
+                    // to remove when symfony/dependency-injection will stop being compatible with symfony/framework-bundle<6.0
                     $type = '.session.deprecated';
                 }
                 $serviceMap[$key] = new Reference($type);
diff --git a/src/Symfony/Component/HttpFoundation/Session/Storage/ServiceSessionFactory.php b/src/Symfony/Component/HttpFoundation/Session/Storage/ServiceSessionFactory.php
deleted file mode 100644
index d17c60aebaac1..0000000000000
--- a/src/Symfony/Component/HttpFoundation/Session/Storage/ServiceSessionFactory.php
+++ /dev/null
@@ -1,38 +0,0 @@
-<?php
-
-/*
- * This file is part of the Symfony package.
- *
- * (c) Fabien Potencier <fabien@symfony.com>
- *
- * For the full copyright and license information, please view the LICENSE
- * file that was distributed with this source code.
- */
-
-namespace Symfony\Component\HttpFoundation\Session\Storage;
-
-use Symfony\Component\HttpFoundation\Request;
-
-/**
- * @author Jérémy Derussé <jeremy@derusse.com>
- *
- * @internal to be removed in Symfony 6
- */
-final class ServiceSessionFactory implements SessionStorageFactoryInterface
-{
-    private $storage;
-
-    public function __construct(SessionStorageInterface $storage)
-    {
-        $this->storage = $storage;
-    }
-
-    public function createStorage(?Request $request): SessionStorageInterface
-    {
-        if ($this->storage instanceof NativeSessionStorage && $request && $request->isSecure()) {
-            $this->storage->setOptions(['cookie_secure' => true]);
-        }
-
-        return $this->storage;
-    }
-}
diff --git a/src/Symfony/Component/HttpKernel/EventListener/AbstractSessionListener.php b/src/Symfony/Component/HttpKernel/EventListener/AbstractSessionListener.php
index 603668484cea9..c674d404b19ce 100644
--- a/src/Symfony/Component/HttpKernel/EventListener/AbstractSessionListener.php
+++ b/src/Symfony/Component/HttpKernel/EventListener/AbstractSessionListener.php
@@ -44,7 +44,6 @@ abstract class AbstractSessionListener implements EventSubscriberInterface, Rese
     public const NO_AUTO_CACHE_CONTROL_HEADER = 'Symfony-Session-NoAutoCacheControl';
 
     protected $container;
-    private $sessionUsageStack = [];
     private $debug;
 
     /**
@@ -86,9 +85,6 @@ public function onKernelRequest(RequestEvent $event)
                 return $sess;
             });
         }
-
-        $session = $this->container && $this->container->has('initialized_session') ? $this->container->get('initialized_session') : null;
-        $this->sessionUsageStack[] = $session instanceof Session ? $session->getUsageIndex() : 0;
     }
 
     public function onKernelResponse(ResponseEvent $event)
@@ -101,10 +97,10 @@ public function onKernelResponse(ResponseEvent $event)
         $autoCacheControl = !$response->headers->has(self::NO_AUTO_CACHE_CONTROL_HEADER);
         // Always remove the internal header if present
         $response->headers->remove(self::NO_AUTO_CACHE_CONTROL_HEADER);
-
-        if (!$session = $this->container && $this->container->has('initialized_session') ? $this->container->get('initialized_session') : $event->getRequest()->getSession()) {
+        if (!$event->getRequest()->hasSession(true)) {
             return;
         }
+        $session = $event->getRequest()->getSession();
 
         if ($session->isStarted()) {
             /*
@@ -183,7 +179,7 @@ public function onKernelResponse(ResponseEvent $event)
             }
         }
 
-        if ($session instanceof Session ? $session->getUsageIndex() === end($this->sessionUsageStack) : !$session->isStarted()) {
+        if ($session instanceof Session ? $session->getUsageIndex() === 0 : !$session->isStarted()) {
             return;
         }
 
@@ -208,13 +204,6 @@ public function onKernelResponse(ResponseEvent $event)
         }
     }
 
-    public function onFinishRequest(FinishRequestEvent $event)
-    {
-        if ($event->isMainRequest()) {
-            array_pop($this->sessionUsageStack);
-        }
-    }
-
     public function onSessionUsage(): void
     {
         if (!$this->debug) {
@@ -239,7 +228,7 @@ public function onSessionUsage(): void
             return;
         }
 
-        if (!$session = $this->container && $this->container->has('initialized_session') ? $this->container->get('initialized_session') : $requestStack->getCurrentRequest()->getSession()) {
+        if (!$session = $requestStack->getCurrentRequest()->getSession()) {
             return;
         }
 
@@ -256,7 +245,6 @@ public static function getSubscribedEvents(): array
             KernelEvents::REQUEST => ['onKernelRequest', 128],
             // low priority to come after regular response listeners, but higher than StreamedResponseListener
             KernelEvents::RESPONSE => ['onKernelResponse', -1000],
-            KernelEvents::FINISH_REQUEST => ['onFinishRequest'],
         ];
     }
 
diff --git a/src/Symfony/Component/HttpKernel/EventListener/AbstractTestSessionListener.php b/src/Symfony/Component/HttpKernel/EventListener/AbstractTestSessionListener.php
index ff5c3d9c05d5e..85b507b4f51e2 100644
--- a/src/Symfony/Component/HttpKernel/EventListener/AbstractTestSessionListener.php
+++ b/src/Symfony/Component/HttpKernel/EventListener/AbstractTestSessionListener.php
@@ -14,7 +14,6 @@
 use Symfony\Component\EventDispatcher\EventSubscriberInterface;
 use Symfony\Component\HttpFoundation\Cookie;
 use Symfony\Component\HttpFoundation\Session\Session;
-use Symfony\Component\HttpFoundation\Session\SessionInterface;
 use Symfony\Component\HttpKernel\Event\RequestEvent;
 use Symfony\Component\HttpKernel\Event\ResponseEvent;
 use Symfony\Component\HttpKernel\KernelEvents;
@@ -50,12 +49,11 @@ public function onKernelRequest(RequestEvent $event)
         }
 
         // bootstrap the session
-        if ($event->getRequest()->hasSession()) {
-            $session = $event->getRequest()->getSession();
-        } elseif (!$session = $this->getSession()) {
+        if (!$event->getRequest()->hasSession()) {
             return;
         }
 
+        $session = $event->getRequest()->getSession();
         $cookies = $event->getRequest()->cookies;
 
         if ($cookies->has($session->getName())) {
@@ -110,11 +108,4 @@ public static function getSubscribedEvents(): array
             KernelEvents::RESPONSE => ['onKernelResponse', -128],
         ];
     }
-
-    /**
-     * Gets the session object.
-     *
-     * @deprecated since Symfony 5.4, will be removed in 6.0.
-     */
-    abstract protected function getSession(): ?SessionInterface;
 }
diff --git a/src/Symfony/Component/HttpKernel/EventListener/SessionListener.php b/src/Symfony/Component/HttpKernel/EventListener/SessionListener.php
index 61887fde68f14..f5f002d9f8ce1 100644
--- a/src/Symfony/Component/HttpKernel/EventListener/SessionListener.php
+++ b/src/Symfony/Component/HttpKernel/EventListener/SessionListener.php
@@ -18,39 +18,14 @@
 /**
  * Sets the session in the request.
  *
- * When the passed container contains a "session_storage" entry which
- * holds a NativeSessionStorage instance, the "cookie_secure" option
- * will be set to true whenever the current main request is secure.
- *
  * @author Fabien Potencier <fabien@symfony.com>
  *
  * @final
  */
 class SessionListener extends AbstractSessionListener
 {
-    public function onKernelRequest(RequestEvent $event)
-    {
-        parent::onKernelRequest($event);
-
-        if (!$event->isMainRequest() || (!$this->container->has('session') && !$this->container->has('session_factory'))) {
-            return;
-        }
-
-        if ($this->container->has('session_storage')
-            && ($storage = $this->container->get('session_storage')) instanceof NativeSessionStorage
-            && ($mainRequest = $this->container->get('request_stack')->getMainRequest())
-            && $mainRequest->isSecure()
-        ) {
-            $storage->setOptions(['cookie_secure' => true]);
-        }
-    }
-
     protected function getSession(): ?SessionInterface
     {
-        if ($this->container->has('session')) {
-            return $this->container->get('session');
-        }
-
         if ($this->container->has('session_factory')) {
             return $this->container->get('session_factory')->createSession();
         }
diff --git a/src/Symfony/Component/HttpKernel/EventListener/TestSessionListener.php b/src/Symfony/Component/HttpKernel/EventListener/TestSessionListener.php
index c5308269c4c05..7b8db523809c6 100644
--- a/src/Symfony/Component/HttpKernel/EventListener/TestSessionListener.php
+++ b/src/Symfony/Component/HttpKernel/EventListener/TestSessionListener.php
@@ -12,7 +12,6 @@
 namespace Symfony\Component\HttpKernel\EventListener;
 
 use Psr\Container\ContainerInterface;
-use Symfony\Component\HttpFoundation\Session\SessionInterface;
 
 /**
  * Sets the session in the request.
@@ -25,25 +24,8 @@
  */
 class TestSessionListener extends AbstractTestSessionListener
 {
-    private $container;
-
     public function __construct(ContainerInterface $container, array $sessionOptions = [])
     {
-        $this->container = $container;
         parent::__construct($sessionOptions);
     }
-
-    /**
-     * @deprecated since Symfony 5.4, will be removed in 6.0.
-     */
-    protected function getSession(): ?SessionInterface
-    {
-        trigger_deprecation('symfony/http-kernel', '5.4', '"%s" is deprecated and will be removed in 6.0, inject a session in the request instead.', __METHOD__);
-
-        if ($this->container->has('session')) {
-            return $this->container->get('session');
-        }
-
-        return null;
-    }
 }
diff --git a/src/Symfony/Component/HttpKernel/Tests/EventListener/SessionListenerTest.php b/src/Symfony/Component/HttpKernel/Tests/EventListener/SessionListenerTest.php
index d82aba64513e4..1f23fba08c98e 100644
--- a/src/Symfony/Component/HttpKernel/Tests/EventListener/SessionListenerTest.php
+++ b/src/Symfony/Component/HttpKernel/Tests/EventListener/SessionListenerTest.php
@@ -48,17 +48,17 @@ public function testSessionIsSet()
     {
         $session = $this->createMock(Session::class);
         $session->expects($this->exactly(1))->method('getName')->willReturn('PHPSESSID');
+        $sessionFactory = $this->createMock(SessionFactory::class);
+        $sessionFactory->expects($this->once())->method('createSession')->willReturn($session);
 
         $requestStack = $this->createMock(RequestStack::class);
-        $requestStack->expects($this->once())->method('getMainRequest')->willReturn(null);
 
         $sessionStorage = $this->createMock(NativeSessionStorage::class);
         $sessionStorage->expects($this->never())->method('setOptions')->with(['cookie_secure' => true]);
 
         $container = new Container();
-        $container->set('session', $session);
+        $container->set('session_factory', $sessionFactory);
         $container->set('request_stack', $requestStack);
-        $container->set('session_storage', $sessionStorage);
 
         $request = new Request();
         $listener = new SessionListener($container);
@@ -92,13 +92,56 @@ public function testSessionUsesFactory()
         $this->assertSame($session, $request->getSession());
     }
 
+    public function testUsesFactoryWhenNeeded()
+    {
+        $session = $this->createMock(Session::class);
+        $session->expects($this->once())->method('getName')->willReturn('foo');
+        $sessionFactory = $this->createMock(SessionFactory::class);
+        $sessionFactory->expects($this->once())->method('createSession')->willReturn($session);
+
+        $container = new Container();
+        $container->set('session_factory', $sessionFactory);
+
+        $request = new Request();
+        $listener = new SessionListener($container);
+
+        $event = new RequestEvent($this->createMock(HttpKernelInterface::class), $request, HttpKernelInterface::MAIN_REQUEST);
+        $listener->onKernelRequest($event);
+
+        $request->getSession();
+
+        $event = new ResponseEvent($this->createMock(HttpKernelInterface::class), $request, HttpKernelInterface::MAIN_REQUEST, new Response());
+        $listener->onKernelResponse($event);
+    }
+
+    public function testDontUsesFactoryWhenSessionIsNotUsed()
+    {
+        $sessionFactory = $this->createMock(SessionFactory::class);
+        $sessionFactory->expects($this->never())->method('createSession');
+
+        $container = new Container();
+        $container->set('session_factory', $sessionFactory);
+
+        $request = new Request();
+        $listener = new SessionListener($container);
+
+        $event = new RequestEvent($this->createMock(HttpKernelInterface::class), $request, HttpKernelInterface::MAIN_REQUEST);
+        $listener->onKernelRequest($event);
+
+        $event = new ResponseEvent($this->createMock(HttpKernelInterface::class), $request, HttpKernelInterface::MAIN_REQUEST, new Response());
+        $listener->onKernelResponse($event);
+    }
+
     public function testResponseIsPrivateIfSessionStarted()
     {
         $session = $this->createMock(Session::class);
-        $session->expects($this->exactly(2))->method('getUsageIndex')->will($this->onConsecutiveCalls(0, 1));
+        $session->expects($this->once())->method('getUsageIndex')->willReturn(1);
+        $session->expects($this->once())->method('getName')->willReturn('foo');
+        $sessionFactory = $this->createMock(SessionFactory::class);
+        $sessionFactory->expects($this->once())->method('createSession')->willReturn($session);
 
         $container = new Container();
-        $container->set('initialized_session', $session);
+        $container->set('session_factory', $sessionFactory);
 
         $listener = new SessionListener($container);
         $kernel = $this->createMock(HttpKernelInterface::class);
@@ -106,8 +149,10 @@ public function testResponseIsPrivateIfSessionStarted()
         $request = new Request();
         $listener->onKernelRequest(new RequestEvent($kernel, $request, HttpKernelInterface::MAIN_REQUEST));
 
+        $request->getSession();
+
         $response = new Response();
-        $listener->onKernelResponse(new ResponseEvent($kernel, new Request(), HttpKernelInterface::MAIN_REQUEST, $response));
+        $listener->onKernelResponse(new ResponseEvent($kernel, $request, HttpKernelInterface::MAIN_REQUEST, $response));
 
         $this->assertTrue($response->headers->has('Expires'));
         $this->assertTrue($response->headers->hasCacheControlDirective('private'));
@@ -120,21 +165,22 @@ public function testResponseIsPrivateIfSessionStarted()
     public function testResponseIsStillPublicIfSessionStartedAndHeaderPresent()
     {
         $session = $this->createMock(Session::class);
-        $session->expects($this->exactly(2))->method('getUsageIndex')->will($this->onConsecutiveCalls(0, 1));
+        $session->expects($this->once())->method('getUsageIndex')->willReturn(1);
 
         $container = new Container();
-        $container->set('initialized_session', $session);
 
         $listener = new SessionListener($container);
         $kernel = $this->createMock(HttpKernelInterface::class);
 
         $request = new Request();
+        $request->setSession($session);
         $listener->onKernelRequest(new RequestEvent($kernel, $request, HttpKernelInterface::MAIN_REQUEST));
 
         $response = new Response();
         $response->setSharedMaxAge(60);
         $response->headers->set(AbstractSessionListener::NO_AUTO_CACHE_CONTROL_HEADER, 'true');
-        $listener->onKernelResponse(new ResponseEvent($kernel, new Request(), HttpKernelInterface::MAIN_REQUEST, $response));
+
+        $listener->onKernelResponse(new ResponseEvent($kernel, $request, HttpKernelInterface::MAIN_REQUEST, $response));
 
         $this->assertTrue($response->headers->hasCacheControlDirective('public'));
         $this->assertFalse($response->headers->has('Expires'));
@@ -147,25 +193,26 @@ public function testResponseIsStillPublicIfSessionStartedAndHeaderPresent()
     public function testSessionSaveAndResponseHasSessionCookie()
     {
         $session = $this->getMockBuilder(Session::class)->disableOriginalConstructor()->getMock();
-        $session->expects($this->exactly(2))->method('getUsageIndex')->will($this->onConsecutiveCalls(0, 1));
+        $session->expects($this->exactly(1))->method('getUsageIndex')->will($this->onConsecutiveCalls(0, 1));
         $session->expects($this->exactly(1))->method('getId')->willReturn('123456');
         $session->expects($this->exactly(1))->method('getName')->willReturn('PHPSESSID');
         $session->expects($this->exactly(1))->method('save');
         $session->expects($this->exactly(1))->method('isStarted')->willReturn(true);
 
         $container = new Container();
-        $container->set('initialized_session', $session);
 
         $listener = new SessionListener($container);
         $kernel = $this->getMockBuilder(HttpKernelInterface::class)->disableOriginalConstructor()->getMock();
 
         $request = new Request();
-        $listener->onKernelRequest(new RequestEvent($kernel, $request, HttpKernelInterface::MASTER_REQUEST));
+        $request->setSession($session);
+        $listener->onKernelRequest(new RequestEvent($kernel, $request, HttpKernelInterface::MAIN_REQUEST));
 
         $response = new Response();
-        $listener->onKernelResponse(new ResponseEvent($kernel, new Request(), HttpKernelInterface::MASTER_REQUEST, $response));
+        $listener->onKernelResponse(new ResponseEvent($kernel, $request, HttpKernelInterface::MAIN_REQUEST, $response));
 
         $cookies = $response->headers->getCookies();
+        $this->assertCount(1, $cookies);
         $this->assertSame('PHPSESSID', $cookies[0]->getName());
         $this->assertSame('123456', $cookies[0]->getValue());
     }
@@ -177,9 +224,7 @@ public function testUninitializedSession()
         $response->setSharedMaxAge(60);
         $response->headers->set(AbstractSessionListener::NO_AUTO_CACHE_CONTROL_HEADER, 'true');
 
-        $container = new ServiceLocator([
-            'initialized_session' => function () {},
-        ]);
+        $container = new Container();
 
         $listener = new SessionListener($container);
         $listener->onKernelResponse(new ResponseEvent($kernel, new Request(), HttpKernelInterface::MAIN_REQUEST, $response));
@@ -195,11 +240,12 @@ public function testSurrogateMainRequestIsPublic()
     {
         $session = $this->createMock(Session::class);
         $session->expects($this->exactly(2))->method('getName')->willReturn('PHPSESSID');
-        $session->expects($this->exactly(4))->method('getUsageIndex')->will($this->onConsecutiveCalls(0, 1, 1, 1));
+        $session->expects($this->exactly(2))->method('getUsageIndex')->will($this->onConsecutiveCalls(0, 1));
+        $sessionFactory = $this->createMock(SessionFactory::class);
+        $sessionFactory->expects($this->once())->method('createSession')->willReturn($session);
 
         $container = new Container();
-        $container->set('initialized_session', $session);
-        $container->set('session', $session);
+        $container->set('session_factory', $sessionFactory);
 
         $listener = new SessionListener($container);
         $kernel = $this->createMock(HttpKernelInterface::class);
@@ -214,7 +260,6 @@ public function testSurrogateMainRequestIsPublic()
         $this->assertSame($request->getSession(), $subRequest->getSession());
         $listener->onKernelRequest(new RequestEvent($kernel, $subRequest, HttpKernelInterface::MAIN_REQUEST));
         $listener->onKernelResponse(new ResponseEvent($kernel, $subRequest, HttpKernelInterface::MAIN_REQUEST, $response));
-        $listener->onFinishRequest(new FinishRequestEvent($kernel, $subRequest, HttpKernelInterface::MAIN_REQUEST));
 
         $this->assertFalse($response->headers->has('Expires'));
         $this->assertFalse($response->headers->hasCacheControlDirective('private'));
@@ -235,19 +280,15 @@ public function testGetSessionIsCalledOnce()
     {
         $session = $this->createMock(Session::class);
         $session->expects($this->exactly(2))->method('getName')->willReturn('PHPSESSID');
-        $sessionStorage = $this->createMock(NativeSessionStorage::class);
+        $sessionFactory = $this->createMock(SessionFactory::class);
+        $sessionFactory->expects($this->once())->method('createSession')->willReturn($session);
         $kernel = $this->createMock(KernelInterface::class);
 
-        $sessionStorage->expects($this->once())
-            ->method('setOptions')
-            ->with(['cookie_secure' => true]);
-
         $requestStack = new RequestStack();
         $requestStack->push($mainRequest = new Request([], [], [], [], [], ['HTTPS' => 'on']));
 
         $container = new Container();
-        $container->set('session_storage', $sessionStorage);
-        $container->set('session', $session);
+        $container->set('session_factory', $sessionFactory);
         $container->set('request_stack', $requestStack);
 
         $event = new RequestEvent($kernel, $mainRequest, HttpKernelInterface::MAIN_REQUEST);
@@ -256,9 +297,6 @@ public function testGetSessionIsCalledOnce()
         $listener->onKernelRequest($event);
 
         // storage->setOptions() should have been called already
-        $container->set('session_storage', null);
-        $sessionStorage = null;
-
         $subRequest = $mainRequest->duplicate();
         // at this point both main and subrequest have a closure to build the session
 
@@ -271,10 +309,13 @@ public function testGetSessionIsCalledOnce()
     public function testSessionUsageExceptionIfStatelessAndSessionUsed()
     {
         $session = $this->createMock(Session::class);
-        $session->expects($this->exactly(2))->method('getUsageIndex')->will($this->onConsecutiveCalls(0, 1));
+        $session->expects($this->once())->method('getUsageIndex')->willReturn(1);
+        $session->expects($this->once())->method('getName')->willReturn('foo');
+        $sessionFactory = $this->createMock(SessionFactory::class);
+        $sessionFactory->expects($this->once())->method('createSession')->willReturn($session);
 
         $container = new Container();
-        $container->set('initialized_session', $session);
+        $container->set('session_factory', $sessionFactory);
 
         $listener = new SessionListener($container, true);
         $kernel = $this->createMock(HttpKernelInterface::class);
@@ -282,6 +323,7 @@ public function testSessionUsageExceptionIfStatelessAndSessionUsed()
         $request = new Request();
         $request->attributes->set('_stateless', true);
         $listener->onKernelRequest(new RequestEvent($kernel, $request, HttpKernelInterface::MAIN_REQUEST));
+        $request->getSession();
 
         $this->expectException(UnexpectedSessionUsageException::class);
         $listener->onKernelResponse(new ResponseEvent($kernel, $request, HttpKernelInterface::MAIN_REQUEST, new Response()));
@@ -290,13 +332,16 @@ public function testSessionUsageExceptionIfStatelessAndSessionUsed()
     public function testSessionUsageLogIfStatelessAndSessionUsed()
     {
         $session = $this->createMock(Session::class);
-        $session->expects($this->exactly(2))->method('getUsageIndex')->will($this->onConsecutiveCalls(0, 1));
+        $session->expects($this->once())->method('getName')->willReturn('foo');
+        $session->expects($this->once())->method('getUsageIndex')->willReturn(1);
+        $sessionFactory = $this->createMock(SessionFactory::class);
+        $sessionFactory->expects($this->once())->method('createSession')->willReturn($session);
 
         $logger = $this->createMock(LoggerInterface::class);
         $logger->expects($this->exactly(1))->method('warning');
 
         $container = new Container();
-        $container->set('initialized_session', $session);
+        $container->set('session_factory', $sessionFactory);
         $container->set('logger', $logger);
 
         $listener = new SessionListener($container, false);
@@ -305,6 +350,7 @@ public function testSessionUsageLogIfStatelessAndSessionUsed()
         $request = new Request();
         $request->attributes->set('_stateless', true);
         $listener->onKernelRequest(new RequestEvent($kernel, $request, HttpKernelInterface::MAIN_REQUEST));
+        $request->getSession();
 
         $listener->onKernelResponse(new ResponseEvent($kernel, $request, HttpKernelInterface::MAIN_REQUEST, new Response()));
     }
@@ -314,11 +360,13 @@ public function testSessionIsSavedWhenUnexpectedSessionExceptionThrown()
         $session = $this->createMock(Session::class);
         $session->expects($this->exactly(1))->method('getName')->willReturn('PHPSESSID');
         $session->method('isStarted')->willReturn(true);
-        $session->expects($this->exactly(2))->method('getUsageIndex')->will($this->onConsecutiveCalls(0, 1));
+        $session->expects($this->once())->method('getUsageIndex')->willReturn(1);
         $session->expects($this->exactly(1))->method('save');
+        $sessionFactory = $this->createMock(SessionFactory::class);
+        $sessionFactory->expects($this->once())->method('createSession')->willReturn($session);
 
         $container = new Container();
-        $container->set('initialized_session', $session);
+        $container->set('session_factory', $sessionFactory);
 
         $listener = new SessionListener($container, true);
         $kernel = $this->createMock(HttpKernelInterface::class);
@@ -327,6 +375,7 @@ public function testSessionIsSavedWhenUnexpectedSessionExceptionThrown()
         $request->attributes->set('_stateless', true);
 
         $listener->onKernelRequest(new RequestEvent($kernel, $request, HttpKernelInterface::MAIN_REQUEST));
+        $request->getSession();
 
         $response = new Response();
         $this->expectException(UnexpectedSessionUsageException::class);
@@ -346,13 +395,13 @@ public function testSessionUsageCallbackWhenDebugAndStateless()
 
         $requestStack->push(new Request());
         $requestStack->push($request);
-        $requestStack->push(new Request());
+        $requestStack->push($subRequest = new Request());
+        $subRequest->setSession($session);
 
         $collector = $this->createMock(RequestDataCollector::class);
         $collector->expects($this->once())->method('collectSessionUsage');
 
         $container = new Container();
-        $container->set('initialized_session', $session);
         $container->set('request_stack', $requestStack);
         $container->set('session_collector', \Closure::fromCallable([$collector, 'collectSessionUsage']));
 
@@ -376,7 +425,6 @@ public function testSessionUsageCallbackWhenNoDebug()
         $collector->expects($this->never())->method('collectSessionUsage');
 
         $container = new Container();
-        $container->set('initialized_session', $session);
         $container->set('request_stack', $requestStack);
         $container->set('session_collector', $collector);
 
@@ -394,7 +442,6 @@ public function testSessionUsageCallbackWhenNoStateless()
         $requestStack->push(new Request());
 
         $container = new Container();
-        $container->set('initialized_session', $session);
         $container->set('request_stack', $requestStack);
 
         (new SessionListener($container, true))->onSessionUsage();
diff --git a/src/Symfony/Component/HttpKernel/Tests/EventListener/TestSessionListenerTest.php b/src/Symfony/Component/HttpKernel/Tests/EventListener/TestSessionListenerTest.php
index 3bb76970621c3..854b9bb685ad0 100644
--- a/src/Symfony/Component/HttpKernel/Tests/EventListener/TestSessionListenerTest.php
+++ b/src/Symfony/Component/HttpKernel/Tests/EventListener/TestSessionListenerTest.php
@@ -46,9 +46,6 @@ protected function setUp(): void
     {
         $this->listener = $this->getMockForAbstractClass(AbstractTestSessionListener::class);
         $this->session = $this->getSession();
-        $this->listener->expects($this->any())
-             ->method('getSession')
-             ->willReturn($this->session);
     }
 
     public function testShouldSaveMainRequestSession()
@@ -99,7 +96,7 @@ public function testEmptySessionWithNewSessionIdDoesSendCookie()
 
         $kernel = $this->createMock(HttpKernelInterface::class);
         $request = Request::create('/', 'GET', [], ['MOCKSESSID' => '123']);
-        $request->setSession($this->getSession());
+        $request->setSession($this->session);
         $event = new RequestEvent($kernel, $request, HttpKernelInterface::MAIN_REQUEST);
         $this->listener->onKernelRequest($event);
 
@@ -119,7 +116,7 @@ public function testSessionWithNewSessionIdAndNewCookieDoesNotSendAnotherCookie(
 
         $kernel = $this->createMock(HttpKernelInterface::class);
         $request = Request::create('/', 'GET', [], ['MOCKSESSID' => '123']);
-        $request->setSession($this->getSession());
+        $request->setSession($this->session);
         $event = new RequestEvent($kernel, $request, HttpKernelInterface::MAIN_REQUEST);
         $this->listener->onKernelRequest($event);
 
diff --git a/src/Symfony/Component/Security/Core/Authentication/Token/Storage/UsageTrackingTokenStorage.php b/src/Symfony/Component/Security/Core/Authentication/Token/Storage/UsageTrackingTokenStorage.php
index 4b2cac747abf5..d9f7f12af40ff 100644
--- a/src/Symfony/Component/Security/Core/Authentication/Token/Storage/UsageTrackingTokenStorage.php
+++ b/src/Symfony/Component/Security/Core/Authentication/Token/Storage/UsageTrackingTokenStorage.php
@@ -79,33 +79,11 @@ public static function getSubscribedServices(): array
 
     private function getSession(): SessionInterface
     {
-        // BC for symfony/security-bundle < 5.3
-        if ($this->container->has('session')) {
-            trigger_deprecation('symfony/security-core', '5.3', 'Injecting the "session" in "%s" is deprecated, inject the "request_stack" instead.', __CLASS__);
-
-            return $this->container->get('session');
-        }
-
         return $this->container->get('request_stack')->getSession();
     }
 
     private function shouldTrackUsage(): bool
     {
-        if (!$this->enableUsageTracking) {
-            return false;
-        }
-
-        // BC for symfony/security-bundle < 5.3
-        if ($this->container->has('session')) {
-            return true;
-        }
-
-        if (!$this->container->get('request_stack')->getMainRequest()) {
-            trigger_deprecation('symfony/security-core', '5.3', 'Using "%s" (service ID: "security.token_storage") outside the request-response cycle is deprecated, use the "%s" class (service ID: "security.untracked_token_storage") instead or disable usage tracking using "disableUsageTracking()".', __CLASS__, TokenStorage::class);
-
-            return false;
-        }
-
-        return true;
+        return $this->enableUsageTracking;
     }
 }
diff --git a/src/Symfony/Component/Security/Http/Tests/Firewall/ContextListenerTest.php b/src/Symfony/Component/Security/Http/Tests/Firewall/ContextListenerTest.php
index 66334c45d3ff4..5df43364b8387 100644
--- a/src/Symfony/Component/Security/Http/Tests/Firewall/ContextListenerTest.php
+++ b/src/Symfony/Component/Security/Http/Tests/Firewall/ContextListenerTest.php
@@ -383,13 +383,9 @@ private function handleEventWithPreviousSession($userProviders, UserInterface $u
         $tokenStorage = new TokenStorage();
         $usageIndex = $session->getUsageIndex();
         $tokenStorage = new UsageTrackingTokenStorage($tokenStorage, new class(
-            (new \ReflectionClass(UsageTrackingTokenStorage::class))->hasMethod('getSession') ? [
+            [
                 'request_stack' => function () use ($requestStack) {
-                return $requestStack;
-            }] : [
-                // BC for symfony/framework-bundle < 5.3
-                'session' => function () use ($session) {
-                    return $session;
+                    return $requestStack;
                 },
             ]
         ) implements ContainerInterface {