I try in annotation
* @Cache(expires="+10 hours", public=false)
or in controller
$maxAge = 60*60;
$response->setExpires(Carbon::create()->addHour());
$response->setSharedMaxAge($maxAge);
$response->setPublic();
$response->setMaxAge($maxAge);
And still have Cache-Control: max-age=0, must-revalidate, private
App use sessions, user is login - I want - cache private, but nothing work - I always get this.
I've added FOS\HttpCacheBundle\FOSHttpCacheBundle()
(just add) Have hope to it override symfony cache and allow send cache private - but nothing change.
This behaviour is new as of Symfony 3.4 and 4.0. If a user session has been initialized it will always set the headers as described in your question.
Introduced in Symfony 4.1 you can override this behaviour. However as this is a new feature this will not be backported to Symfony 3.4.
$response->headers->set(AbstractSessionListener::NO_AUTO_CACHE_CONTROL_HEADER, 'true');
You can read about this in the Symfony documentation: HTTP Caching and User Sessions