Merge branch '5.4' into 6.0

* 5.4:
  [Serializer] Add missing types to FormErrorNormalizer
  [HttpFoundation] Fix deps
  minor #47299 [Console] fix expected command name order with mixed integer and string namespaces (xabbuh)
  [HttpFoundation] Fix tests on PHP 8.2
  fix expected command name order with mixed integer and string namespaces
  [Serializer] Add missing types to BackedEnumNormalizer
  Do not send deleted session cookie twice in the response

Author: nicolas-grekas

EventListener/AbstractSessionListener.php

@@ -153,6 +153,11 @@ public function onKernelResponse(ResponseEvent $event)
 
                 $isSessionEmpty = ($session instanceof Session ? $session->isEmpty() : empty($session->all())) && empty($_SESSION); // checking $_SESSION to keep compatibility with native sessions
                 if ($requestSessionCookieId && $isSessionEmpty) {
+                    // PHP internally sets the session cookie value to "deleted" when setcookie() is called with empty string $value argument
+                    // which happens in \Symfony\Component\HttpFoundation\Session\Storage\Handler\AbstractSessionHandler::destroy
+                    // when the session gets invalidated (for example on logout) so we must handle this case here too
+                    // otherwise we would send two Set-Cookie headers back with the response
+                    SessionUtils::popSessionCookie($sessionName, 'deleted');
                     $response->headers->clearCookie(
                         $sessionName,
                         $sessionCookiePath,