as said by @stof, app.user does always exists, you should check if app.user is not null. ( #2078 (comment) )

@wouterj 👍 you're right

@wouterj {% if app.user %} is not the same than {% if app.user is defined %}. The first one returns false for falsy values (if (null) is false) and explode on undefined variables (when using strict variables).

@stof I think it's exactly what I said?

@wouterj No. You said it always exist and the check should be changed. Always being defined is indeed true, but it is irrelevant in this contest as {% if app.user %} is not checking if it is defined but if it is truthy (which is what we need).

The only difference between {% if app.user %} and {% if app.user is not null %} is that the first one means if ($app->getUser()) whereas the second one means if (null !== $app->getUser()). But as $app->getUser() returns either null or a UserInterface instance, it is strictly equivalent.
So I would document {% if app.user %} for the only reason that it is shorter.

Btw, another way would be to check {% if app.security.token %} (and it would be the right one to be strict about what we check).

app.user can be null in 3 cases:

• app.security is null (happens when SecurityBundle is not registered in the project, in which case you have a bigger issue as using is_granted forbids you to compile the template as it also comes from SecurityBundle)
• app.security.token is null (not behind a firewall, which can happen on the error page when the error was in the routing, and is what we want to guard against)
• the user is anonymous (in which case the is_granted check would probably return false anyway, which is why using app.user can be considered a good way to make it shorter)