From f3b11e70c0b0c3217bb91d3fa9b417256783ca4c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=A9r=C3=A9my=20Deruss=C3=A9?=
Date: Fri, 18 Jun 2021 10:01:04 +0200
Subject: [PATCH] [Security] Fix value lost in RememberMe update
---
 .../Http/RememberMe/PersistentRememberMeHandler.php | 2 +-
 .../RememberMe/PersistentRememberMeHandlerTest.php | 10 ++++++++--
 2 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/src/Symfony/Component/Security/Http/RememberMe/PersistentRememberMeHandler.php b/src/Symfony/Component/Security/Http/RememberMe/PersistentRememberMeHandler.php
index 2be8cbc0becff..f60bd9d6b9141 100644
--- a/src/Symfony/Component/Security/Http/RememberMe/PersistentRememberMeHandler.php
+++ b/src/Symfony/Component/Security/Http/RememberMe/PersistentRememberMeHandler.php
@@ -98,7 +98,7 @@ public function processRememberMe(RememberMeDetails $rememberMeDetails, UserInte
 $this->tokenProvider->updateToken($series, $tokenValueHash, $tokenLastUsed);
 }
- $this->createCookie($rememberMeDetails->withValue($tokenValue));
+ $this->createCookie($rememberMeDetails->withValue($series.':'.$tokenValue));
 }
 /**
diff --git a/src/Symfony/Component/Security/Http/Tests/RememberMe/PersistentRememberMeHandlerTest.php b/src/Symfony/Component/Security/Http/Tests/RememberMe/PersistentRememberMeHandlerTest.php
index 44779829c613f..00ce37b8dac6e 100644
--- a/src/Symfony/Component/Security/Http/Tests/RememberMe/PersistentRememberMeHandlerTest.php
+++ b/src/Symfony/Component/Security/Http/Tests/RememberMe/PersistentRememberMeHandlerTest.php
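Review bot: In PersistentRememberMeHandler.php the cookie value is now assembled by hand as `$series.':'.$tokenValue` on the createCookie() line, and nothing there records that this layout is a contract with whatever code splits the value again when the cookie is consumed. I would add a comment above the call, `// Value layout is "<series>:<tokenValue>"; the series must survive rotation or the next request cannot look the persistent token up.` The delimiter is only unambiguous if neither part can contain `:`; both are presumably base64 strings, but that is defined outside this hunk and should be confirmed. The body of processRememberMe() starts above the hunk, so the origin of `$series` and `$tokenValue` is not visible here.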
@@ -92,8 +92,14 @@ public function testConsumeRememberMeCookieValid()
 /** @var Cookie $cookie */
 $cookie = $this->request->attributes->get(ResponseListener::COOKIE_ATTR_NAME);
- $this->assertNotEquals($rememberMeDetails->toString(), $cookie->getValue());
- $this->assertMatchesRegularExpression('{'.str_replace('\\', '\\\\', base64_decode($rememberMeDetails->withValue('[a-zA-Z0-9/+]+')->toString())).'}', base64_decode($cookie->getValue()));
+ $rememberParts = explode(':', base64_decode($rememberMeDetails->toString()), 4);
+ $cookieParts = explode(':', base64_decode($cookie->getValue()), 4);
+
+ $this->assertSame($rememberParts[0], $cookieParts[0]); // class
+ $this->assertSame($rememberParts[1], $cookieParts[1]); // identifier
+ $this->assertSame($rememberParts[2], $cookieParts[2]); // expire
+ $this->assertNotSame($rememberParts[3], $cookieParts[3]); // value
+ $this->assertSame(explode(':', $rememberParts[3])[0], explode(':', $cookieParts[3])[0]); // series
 }
 public function testConsumeRememberMeCookieInvalidToken()
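Review bot: The new assertions in testConsumeRememberMeCookieValid() no longer verify that the rotated token half is present: `assertNotSame($rememberParts[3], $cookieParts[3])` and the series comparison would both pass for a cookie value of just `series:` or one with extra segments. The removed regex assertion at least required one or more `[a-zA-Z0-9/+]` characters in the value position. Adding `$this->assertCount(2, explode(':', $cookieParts[3]));` and `$this->assertNotSame('', explode(':', $cookieParts[3])[1] ?? '');` would pin the `series:token` shape, assuming neither half may contain a colon. An `$this->assertCount(4, $cookieParts);` before the indexed comparisons would also turn a malformed cookie into a readable assertion failure instead of an undefined-offset warning.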