src/Symfony/Component/Security/Http/Firewall/ContextListener.php
+18-4
@@ -161,6 +161,7 @@ protected function refreshUser(TokenInterface $token)
161
161
}
162
162
163
163
$userNotFoundByProvider = false;
164
+
$userDeauthenticated = false;
164
165
165
166
foreach ($this->userProvidersas$provider) {
166
167
if (!$providerinstanceof UserProviderInterface) {
@@ -169,21 +170,26 @@ protected function refreshUser(TokenInterface $token)
169
170
170
171
try {
171
172
$refreshedUser = $provider->refreshUser($user);
172
-
$token->setUser($refreshedUser);
173
+
$newToken = unserialize(serialize($token));
174
+
$newToken->setUser($refreshedUser);
173
175
174
176
// tokens can be deauthenticated if the user has been changed.
175
-
if (!$token->isAuthenticated()) {
177
+
if (!$newToken->isAuthenticated()) {
176
178
if ($this->logoutOnUserChange) {
179
+
$userDeauthenticated = true;
180
+
177
181
if (null !== $this->logger) {
178
-
$this->logger->debug('Token was deauthenticated after trying to refresh it.', array('username' => $refreshedUser->getUsername(), 'provider' => \get_class($provider)));
182
+
$this->logger->debug('Cannot refresh token because user has changed.', array('username' => $refreshedUser->getUsername(), 'provider' => \get_class($provider)));
179
183
}
180
184
181
-
returnnull;
185
+
continue;
182
186
}
183
187
184
188
@trigger_error('Refreshing a deauthenticated user is deprecated as of 3.4 and will trigger a logout in 4.0.', E_USER_DEPRECATED);
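Review bot: The `unserialize(serialize($token))` copy in the try block carries no comment explaining why a copy is needed, and it assumes every token class and the user object it holds survive a serialize round trip. A custom token that leaves state out of its serialized form would have `isAuthenticated()` evaluated on a copy that differs from the token stored in the session. I would add a comment above it such as `// deep copy: a refresh rejected by this provider must leave the original token untouched for the next provider`. With `return null` replaced by `continue`, the logout now depends on `$userDeauthenticated` being checked after the loop; that code is outside the lines shown here, so confirm it returns null whenever the flag is set and no later provider accepted the user. The body of `refreshUser()` starts before and continues past this section.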