File tree 2 files changed +7
-6
lines changed
2 files changed +7
-6
lines changed Original file line number Diff line number Diff line change @@ -343,11 +343,6 @@ can also create your own :ref:`custom user provider <security-custom-user-provid
343343 it using the :class: `Symfony\\ Component\\ Security\\ Core\\ User\\ UserProviderInterface `
344344 type-hint.
345345
346- .. note ::
347-
348- The maximum length allowed for the user identifier is 4096 characters to
349- prevent `session storage flooding `_ attacks.
350-
351346.. _security-encoding-user-password :
352347
353348Registering the User: Hashing Passwords
@@ -2661,4 +2656,3 @@ Authorization (Denying Access)
26612656.. _`SymfonyCastsVerifyEmailBundle` : https://github.com/symfonycasts/verify-email-bundle
26622657.. _`HTTP Basic authentication` : https://en.wikipedia.org/wiki/Basic_access_authentication
26632658.. _`Login CSRF attacks` : https://en.wikipedia.org/wiki/Cross-site_request_forgery#Forging_login_requests
2664- .. _`session storage flooding` : https://symfony.com/blog/cve-2016-4423-large-username-storage-in-session
Original file line number Diff line number Diff line change @@ -205,6 +205,11 @@ using :ref:`the user provider <security-user-providers>`::
205205 // ...
206206 $passport = new Passport(new UserBadge($email), $credentials);
207207
208+ .. note ::
209+
210+ The maximum length allowed for the user identifier is 4096 characters to
211+ prevent `session storage flooding `_ attacks.
212+
208213.. note ::
209214
210215 You can optionally pass a user loader as second argument to the
@@ -373,3 +378,5 @@ authenticator methods (e.g. ``createToken()``)::
373378 return new CustomOauthToken($passport->getUser(), $passport->getAttribute('scope'));
374379 }
375380 }
381+
382+ .. _`session storage flooding` : https://symfony.com/blog/cve-2016-4423-large-username-storage-in-session
You can’t perform that action at this time.
0 commit comments