Symfony-docs: Document the logout_on_user_change option

Created on 26 Sep 2017 · 5 Comments · Source: symfony/symfony-docs

see symfony/symfony#23882

Security hasPR

All 5 comments

Thanks for opening this issue. I agree this should be documented, since logout_on_user_change is true by default as of Symfony 4.0.

FOSUserBundle has a LastLoginListener that will change the user entity at every login and will cause a logout immediately. In my application there are some other attributes that can be changed, but that won't require the user to log in again.

No news about it?

Bumping this: what @stephanvierkant posted affects pretty much all apps that were working with FosUser before (which means a lot), with no docs posted on the matter.

It was mentioned in older Symfony releases:
https://github.com/symfony/symfony/blob/v3.4.1/UPGRADE-3.4.md
but is not available on the main 3.4 branch:
https://github.com/symfony/symfony/blob/3.4/UPGRADE-3.4.md

I think someone from the Symfony devs should also create a PR to FosUser on how to work with this, for the reason @stephanvierkant posted.

For the solution, see this answer: https://stackoverflow.com/questions/47675301/token-was-deauthenticated-after-trying-to-refresh-it/47676103#47676103. Short answer: implement the EquatableInterface.

FOSUserBundle hasn't implemented EquatableInterface in their model and I'm not sure if they're planning to (no PRs in that direction).
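
An added example, not code from this thread, from Symfony or from FOSUserBundle: a user class that implements `EquatableInterface` so that a routine update such as a last-login timestamp does not deauthenticate the session, while a password, username or role change still does. It assumes `symfony/security-core` is installed with the Symfony 3.4/4.x `UserInterface` methods; the `App\Entity` namespace and the `$lastLogin` field are hypothetical.

```php
<?php
// Added example; namespace and $lastLogin are hypothetical names.
namespace App\Entity;

use Symfony\Component\Security\Core\User\EquatableInterface;
use Symfony\Component\Security\Core\User\UserInterface;

class User implements UserInterface, EquatableInterface
{
    private $username;
    private $password;               // stored password hash
    private $roles = ['ROLE_USER'];
    private $lastLogin;              // changes on every login, not security-relevant

    public function getUsername() { return $this->username; }
    public function getPassword() { return $this->password; }
    public function getSalt() { return null; } // modern hashes embed their salt
    public function getRoles() { return $this->roles; }
    public function eraseCredentials() {}

    /**
     * Compares the user stored in the session ($this) with the freshly
     * loaded one ($user). Returning false marks the user as changed, which
     * logs the session out when logout_on_user_change is enabled.
     */
    public function isEqualTo(UserInterface $user)
    {
        if (!$user instanceof self) {
            return false;
        }
        // Keep the credential check: a password change must still
        // invalidate sessions opened with the old password.
        if (!hash_equals((string) $this->password, (string) $user->getPassword())) {
            return false;
        }
        if ($this->username !== $user->getUsername()) {
            return false;
        }
        // Comparing roles is this example's choice: a role change then
        // forces re-authentication instead of leaving stale privileges.
        $current = $this->roles;
        $fresh = $user->getRoles();
        sort($current);
        sort($fresh);

        return $current === $fresh; // $lastLogin is deliberately ignored
    }
}
```

An `isEqualTo()` that simply returns `true` would also stop the unwanted logouts, but it disables the protection `logout_on_user_change` provides, so keep the credential comparison.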

Fixed by #9842.
