see symfony/symfony#23882
Thanks for opening this issue. I agree this should be documented, since logout_on_user_change is true by default as of Symfony 4.0.
FOSUserBundle has a LastLoginListener that will change the user entity changes at every login and will cause a logout immediately. In my application there are some other attributes that can be changed, but that won't require the user to login again.
No news about it?
bumping this, what @stephanvierkant posted affects pretty much all apps that were working with FosUser before (which means a lot) with no docs posted on the matter.
it was mentioned in older symfony releases:
https://github.com/symfony/symfony/blob/v3.4.1/UPGRADE-3.4.md
but is not available on main 3.4 branch
https://github.com/symfony/symfony/blob/3.4/UPGRADE-3.4.md
I think it someone from Symfony devs should also create a PR to FosUser on how to work with this for the reason @stephanvierkant posted
For the solution, see this answer: https://stackoverflow.com/questions/47675301/token-was-deauthenticated-after-trying-to-refresh-it/47676103#47676103. Short answer: implement the EquatableInterface.
FOSUserBundle hasn't implemented EquatableInterface in their model and I'm not sure if they're planning to (no PR's in that direction)
Fixed by #9842.
Most helpful comment
Thanks for opening this issue. I agree this should be documented, since
logout_on_user_changeistrueby default as of Symfony 4.0.FOSUserBundlehas aLastLoginListenerthat will change the user entity changes at every login and will cause a logout immediately. In my application there are some other attributes that can be changed, but that won't require the user to login again.