fix: use $response instance instead of static call in StartSessionMiddleware

[usernane]

Summary

Fix StartSessionMiddleware::after() calling Response::addHeader() statically instead of using the $response instance parameter, which caused session cookies to never be sent.

Motivation

addHeader() is an instance method on Response. The static call fails silently in PHP 8.x because the catch (Error $exc) block swallows the error. This means session cookies are never set, breaking session-based authentication. Fixes #297.

Changes

• Changed Response::addHeader('set-cookie', $headerVal) to $response->addHeader('set-cookie', $headerVal) in StartSessionMiddleware::after()

How to Test / Verify

• Assign start-session middleware to a route and verify the Set-Cookie header appears in the response
• Existing test suite passes (672 tests, all non-DB tests green)

Breaking Changes and Migration Steps

None

Checklist

• I reviewed my own diff before requesting review
• My commits follow Conventional Commits
• The title of the pull request follows Conventional Commits
• I added/updated tests (or explained why not)
• I updated docs (if needed)
• I ran lint/cs-fixer (if applicable)
• I considered backward compatibility
• I considered security

Related issues

Closes #297

[codecov]

Codecov Report

❌ Patch coverage is 0% with 1 line in your changes missing coverage. Please review.
✅ Project coverage is 74.84%. Comparing base (1faf4a1) to head (907984c).
⚠️ Report is 8 commits behind head on main.

Files with missing lines	Patch %	Lines
...ri/Framework/Middleware/StartSessionMiddleware.php	0.00%	1 Missing ⚠️

Additional details and impacted files

@@             Coverage Diff              @@
##               main     #305      +/-   ##
============================================
- Coverage     74.88%   74.84%   -0.05%     
  Complexity     2974     2974              
============================================
  Files            97       97              
  Lines          9509     9509              
============================================
- Hits           7121     7117       -4     
- Misses         2388     2392       +4     

Flag	Coverage Δ
php-8.1	?
php-8.2	76.16% <0.00%> (ø)
php-8.3	74.95% <0.00%> (ø)
php-8.4	74.95% <0.00%> (ø)
php-8.5	74.86% <0.00%> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud