From 28e9218caf8bb5197eab45a7a1ead9e940776bde Mon Sep 17 00:00:00 2001
From: phan7om <ph4nt0m055@gmail.com>
Date: Mon, 16 May 2016 19:24:09 +0800
Subject: [PATCH] Do not pass object without __toString for token generator

May be it's good for those who implements that receipt from cookbook to prevent them from this trap.
---
 cookbook/security/custom_password_authenticator.rst | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/cookbook/security/custom_password_authenticator.rst b/cookbook/security/custom_password_authenticator.rst
index 9ed7bbf98b3..644848da48a 100644
--- a/cookbook/security/custom_password_authenticator.rst
+++ b/cookbook/security/custom_password_authenticator.rst
@@ -65,6 +65,9 @@ the user::
                     );
                 }
 
+                // CAUTION: implement __toString method for $user object
+                // or pass the username (like a nickname, email address, etc.) instead $user
+                // otherwise you get a redirect error
                 return new UsernamePasswordToken(
                     $user,
                     $user->getPassword(),