diff --git a/tests/test_session_access.py b/tests/test_session_access.py
new file mode 100644
index 00000000..8c5b0779
--- /dev/null
+++ b/tests/test_session_access.py
@@ -0,0 +1,18 @@
+from flask import Flask, session
+
+
+def test_session_contains_sets_vary_cookie():
+    app = Flask(__name__)
+    app.secret_key = "secret"
+
+    @app.route("/")
+    def index():
+        "user_id" in session
+        return "ok"
+
+    client = app.test_client()
+    response = client.get("/")
+
+    assert response.status_code == 200
+    assert "Vary" in response.headers
+    assert "Cookie" in response.headers["Vary"]