I can see that the DigestStrategy already supports md5-sess

But then why in the response header it is not returned
According to the rfc2617#3.2.1 it would be assumed as md5 always

algorithm
A string indicating a pair of algorithms used to produce the digest
and a checksum. If this is not present it is assumed to be "MD5".
If the algorithm is not understood, the challenge should be ignored
(and a different one used, if there is more than one).

Since this strategy support both md5 and md5-sess, should the response header include both of them
Digest realm="", algorithm="MD5,MD5-sess", nonce="", qop=""