Wrong advice in "How to load Security Users from the Database (the Entity Provider)" cookbook entry #3165

Closed
@fberci

The cookbook recommends implementing a custom serialize() method on your User object that only persists the id. However, this creates an unexpected issue. As the cookbook says, the User object will be refreshed after deserialization, but because the username field (among others) is missing from the deserialized object, Symfony will detect that the object has changed, and therefore it will set the token's authenticated flag to false. This should not happen.

The creators of the FOSBundle have also noticed this issue; please see their comment.
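
The failure described in this issue, reproduced as an added example that is not code from the cookbook, from Symfony, or from the issue author. `DemoUser` and `hasUserChanged()` are hypothetical stand-ins, and the compared fields (username, password, salt) are an assumption, since the issue names only the username "among others".

```php
<?php
// Added illustration; class and function names are hypothetical, not Symfony's.
final class DemoUser
{
    public function __construct(
        public ?int $id = null,
        public ?string $username = null,
        public ?string $password = null,
        public ?string $salt = null,
    ) {}

    // Variant the issue criticises: only the id survives the session.
    public function serializeIdOnly(): string
    {
        return serialize([$this->id]);
    }

    // Variant that also keeps every field the change check reads.
    public function serializeComparedFields(): string
    {
        return serialize([$this->id, $this->username, $this->password, $this->salt]);
    }

    public static function fromSession(string $data): self
    {
        // allowed_classes => false: never instantiate objects from session data.
        $fields = unserialize($data, ['allowed_classes' => false]);
        return new self(...array_pad($fields, 4, null));
    }
}

// Assumed stand-in for the framework's "has the user changed?" check.
function hasUserChanged(DemoUser $fromSession, DemoUser $refreshed): bool
{
    return $fromSession->username !== $refreshed->username
        || $fromSession->password !== $refreshed->password
        || $fromSession->salt !== $refreshed->salt;
}

// Constructed sample row, standing in for what the user provider reloads by id.
$dbUser = new DemoUser(7, 'alice', '$2y$13$constructed-hash', null);

foreach (['serializeIdOnly', 'serializeComparedFields'] as $variant) {
    $restored = DemoUser::fromSession($dbUser->$variant());
    $authenticated = !hasUserChanged($restored, $dbUser);
    printf("%-24s authenticated=%s\n", $variant, var_export($authenticated, true));
}
```

Keeping the compared fields in the session payload also preserves the intended effect of the check: a password changed in the database no longer matches the session copy, so that session is de-authenticated.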

Labels:
Security
actionable: Clear and specific issues ready for anyone to take them.
bug
good first issue: Ideal for your first contribution! (some Symfony experience may be required)
hasPR: A Pull Request has already been submitted for this issue.