Description
In the Security / Expressions docs the differences between the is_remember_me() expression function and the IS_AUTHENTICATED_REMEMBERED attribute are clearly explained in the infobox.
They also mention that is_fully_authenticated is "Similar, but not equal to IS_AUTHENTICATED_FULLY, see below." but fail to provide such a distinction. Moreover, the explanation for is_fully_authenticated seems to be very similar the one for IS_AUTHENTICATED_FULLY - maybe I am missing some nuances:
only returns true if the user has actually logged in during this session (i.e. is full-fledged)
Users who are logged in only because of a "remember me cookie" will have IS_AUTHENTICATED_REMEMBERED but will not have IS_AUTHENTICATED_FULLY
If they are identical, we should change the explanation in the Security / Expressions docs to say : "Equal to using IS_AUTHENTICATED_FULLY with the isGranted() function."
If they are not identical, we should explain how are they different.
Thanks!