From 7b34eabe4b506c3e49e4dedbefee66c1612bb83d Mon Sep 17 00:00:00 2001 From: Christian Flothmann Date: Mon, 9 Dec 2013 21:08:43 +0100 Subject: [PATCH] improve the serialization of custom user models --- cookbook/security/entity_provider.rst | 25 +++++++++++++++++++------ 1 file changed, 19 insertions(+), 6 deletions(-) diff --git a/cookbook/security/entity_provider.rst b/cookbook/security/entity_provider.rst index 4901510d418..2f50886668b 100644 --- a/cookbook/security/entity_provider.rst +++ b/cookbook/security/entity_provider.rst @@ -149,6 +149,9 @@ focus on the most important methods that come from the { return serialize(array( $this->id, + $this->username, + $this->salt, + $this->password, )); } @@ -159,10 +162,20 @@ focus on the most important methods that come from the { list ( $this->id, + $this->username, + $this->salt, + $this->password, ) = unserialize($serialized); } } +.. note:: + + When implementing the + :class:`Symfony\\Component\\Security\\Core\\User\\EquatableInterface`, + you determine yourself which properties need to be compared to distinguish + your user objects. + .. tip:: :ref:`Generate the database table ` @@ -219,7 +232,7 @@ layer is a piece of cake. Everything resides in the configuration of the :doc:`SecurityBundle ` stored in the ``app/config/security.yml`` file. -Below is an example of configuration where the user will enter their +Below is an example of configuration where the user will enter their username and password via HTTP basic authentication. That information will then be checked against your User entity records in the database: @@ -358,7 +371,7 @@ For this example, the first three methods will return ``true`` whereas the use Doctrine\ORM\Mapping as ORM; use Symfony\Component\Security\Core\User\AdvancedUserInterface; - class User implements AdvancedUserInterface, \Serializable + class User implements AdvancedUserInterface, \Serializable { // ... 
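Review bot: The `serialize()` hunk now puts `$this->salt` and `$this->password` into the serialized user, which presumably ends up in session storage, but the listing has no comment saying why these fields are needed or what that implies. The added EquatableInterface note suggests they are compared to detect a changed user, so a short comment above the array would help, for example `// fields compared when the user is reloaded; the session then holds the password hash, so protect session storage accordingly`. The same point applies to the matching `unserialize()` hunk, where it is also worth stating that the `list()` order must stay identical to the `serialize()` array. Both methods begin outside their hunks, so the surrounding class is not visible here.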
@@ -386,7 +399,7 @@ For this example, the first three methods will return ``true`` whereas the Now, if you try to authenticate as a user who's ``is_active`` database field is set to 0, you won't be allowed. -The next session will focus on how to write a custom entity provider +The next session will focus on how to write a custom entity provider to authenticate a user with their username or email address. Authenticating Someone with a Custom Entity Provider @@ -552,7 +565,7 @@ methods have changed:: class User implements AdvancedUserInterface, \Serializable { // ... - + /** * @ORM\ManyToMany(targetEntity="Role", inversedBy="users") * @@ -568,7 +581,7 @@ methods have changed:: { return $this->roles->toArray(); } - + // ... } @@ -625,7 +638,7 @@ of the application:: { return $this->role; } - + // ... getters and setters for each property }