Wrong advice in "How to load Security Users from the Database (the Entity Provider)" cookbook entry #3165
Labels
actionable
Clear and specific issues ready for anyone to take them.
bug
good first issue
Ideal for your first contribution! (some Symfony experience may be required)
hasPR
A Pull Request has already been submitted for this issue.
Security
Comments
|
When not implementing the When not having a custom entity user repositroy, the So at least 4 properties should be serialized: |
|
Fixed up now - thanks very much Bertalan for the report - this was a good one! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The cookbook recommends implementing a custom
serialize()method on your User object that only persists the id. However, this creates an unexpected issue. As the cookbook says, the User object will be refreshed after deserialization, but because the username field (among others) is missing from the deserialized object, Symfony will detect that the object has changed, and therefore it will set the token's authenticated flag to false. This should not happen.The creators of the FOSBundle have also noticed this issue, please see their comment.
The text was updated successfully, but these errors were encountered: