I ask you a question because I browsed all the web but I've not found any answer to my bug.
When I use the "render_esi" function from twig with "controller" function, the target page (protected by access_control) is showed, but when the cache time limit is reached (10 seconds after in my case) and I refresh the page, I'm redirected to the login page because I've lost my session (the session_id is changed).
{{ render_esi(controller('MyBackBundle:Parts:leftSideBar')) }} => Redirected when cache expire
{{ render_esi(url('my_back_parts_sidebar')) }} => Working Good all the time, no session expiration
I precise that I used the Symfony2 integrated Reverse proxy and not Varnish.
I don't want to create specific route for each sub-requested parts of my application.
I want to use the "_fragment" system of Symfony for convenience and mostly for security.
Solution
I found the solution per coincidence at the turn of another bug.
Symfony don't bring confidence to proxies by default (mostly with the Symfony AppCache activated).
You've to add 127.0.0.1 (the Symfony Reverse proxy) to the trusted proxies list and the esi don't logout you and redirect to home again.
Explains from Symfony french's documentation: http://symfony.com/fr/doc/current/components/http_foundation/trusting_proxies.html
"Lorsque vous utilisez le reverse proxy interne de Symfony (AppCache.php), assurez vous d'avoir ajouté 127.0.0.1 à la liste des proxies de confiance."
hope it helps someone.