symfony
diff --git a/‎src/Symfony/Component/Security/Core/Authentication/Token/AbstractToken.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/Security/Core/Authentication/Token/AbstractToken.php
+5-2Lines changed: 5 additions & 2 deletions b/‎src/Symfony/Component/Security/Core/Authentication/Token/AbstractToken.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/Security/Core/Authentication/Token/AbstractToken.php
+5-2Lines changed: 5 additions & 2 deletions
diff --git a/‎src/Symfony/Component/Security/Core/Tests/Authentication/Token/AbstractTokenTest.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/Security/Core/Tests/Authentication/Token/AbstractTokenTest.php
+66-1Lines changed: 66 additions & 1 deletion b/‎src/Symfony/Component/Security/Core/Tests/Authentication/Token/AbstractTokenTest.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/Security/Core/Tests/Authentication/Token/AbstractTokenTest.php
+66-1Lines changed: 66 additions & 1 deletion
@@ -317,10 +317,13 @@ private function hasUserChanged(UserInterface $user): bool
             return true;
         }
 
-        $currentUserRoles = array_map('strval', (array) $this->user->getRoles());
         $userRoles = array_map('strval', (array) $user->getRoles());
 
-        if (\count($userRoles) !== \count($currentUserRoles) || \count($userRoles) !== \count(array_intersect($userRoles, $currentUserRoles))) {
+        if ($this instanceof SwitchUserToken) {
+            $userRoles[] = 'ROLE_PREVIOUS_ADMIN';
+        }
+
+        if (\count($userRoles) !== \count($this->getRoleNames()) || \count($userRoles) !== \count(array_intersect($userRoles, $this->getRoleNames()))) {
             return true;
         }
 
 
@@ -238,13 +238,28 @@ public function getUserChangesAdvancedUser()
      */
     public function testSetUserDoesNotSetAuthenticatedToFalseWhenUserDoesNotChange($user)
     {
-        $token = new ConcreteToken(['ROLE_FOO']);
+        $token = new ConcreteToken();
+        $token->setAuthenticated(true);
+        $this->assertTrue($token->isAuthenticated());
+
+        $token->setUser($user);
+        $this->assertTrue($token->isAuthenticated());
+
+        $token->setUser($user);
+        $this->assertTrue($token->isAuthenticated());
+    }
+
+    public function testIsUserChangedWhenSerializing()
+    {
+        $token = new ConcreteToken(['ROLE_ADMIN']);
         $token->setAuthenticated(true);
         $this->assertTrue($token->isAuthenticated());
 
+        $user = new SerializableUser('wouter', ['ROLE_ADMIN']);
         $token->setUser($user);
         $this->assertTrue($token->isAuthenticated());
 
+        $token = unserialize(serialize($token));
         $token->setUser($user);
         $this->assertTrue($token->isAuthenticated());
     }
@@ -265,6 +280,56 @@ public function __toString(): string
     }
 }
 
+class SerializableUser implements UserInterface, \Serializable
+{
+    private $roles;
+    private $name;
+
+    public function __construct($name, array $roles = [])
+    {
+        $this->name = $name;
+        $this->roles = $roles;
+    }
+
+    public function getUsername()
+    {
+        return $this->name;
+    }
+
+    public function getPassword()
+    {
+        return '***';
+    }
+
+    public function getRoles()
+    {
+        if (empty($this->roles)) {
+            return ['ROLE_USER'];
+        }
+
+        return $this->roles;
+    }
+
+    public function eraseCredentials()
+    {
+    }
+
+    public function getSalt()
+    {
+        return null;
+    }
+
+    public function serialize()
+    {
+        return serialize($this->name);
+    }
+
+    public function unserialize($serialized)
+    {
+        $this->name = unserialize($serialized);
+    }
+}
+
 class ConcreteToken extends AbstractToken
 {
     private $credentials = 'credentials_value';
Original file line number	Diff line number	Diff line change
`@@ -317,10 +317,13 @@ private function hasUserChanged(UserInterface $user): bool`
`317`	`317`	`return true;`
`318`	`318`	`}`
`319`	`319`
`320`		`- $currentUserRoles = array_map('strval', (array) $this->user->getRoles());`
`321`	`320`	`$userRoles = array_map('strval', (array) $user->getRoles());`
`322`	`321`
`323`		`- if (\count($userRoles) !== \count($currentUserRoles) \|\| \count($userRoles) !== \count(array_intersect($userRoles, $currentUserRoles))) {`
	`322`	`+ if ($this instanceof SwitchUserToken) {`
	`323`	`+ $userRoles[] = 'ROLE_PREVIOUS_ADMIN';`
	`324`	`+ }`
	`325`	`+`
	`326`	`+ if (\count($userRoles) !== \count($this->getRoleNames()) \|\| \count($userRoles) !== \count(array_intersect($userRoles, $this->getRoleNames()))) {`
`324`	`327`	`return true;`
`325`	`328`	`}`
`326`	`329`