[Security] Should we warn against complex UserInterface implementations to avoid serialization problems? #9874

Closed

@arderyp

Description

As discussed with @iltar and @chalasr in symfony/symfony #27459, and as discussed by @iltar in this blog post, significant serialization problems can arise if a UserInterface implementation gets too complex.

For example, if your UserInterface object is a doctrine entity with complex relational mappings, those mappings will get serialized and may cause problems upon unserialization. I've personally experienced this firsthand, and the resulting behavior was very strange, unpredictable, and difficult to debug.

Consequently, I am wondering if the official documentation should explicitly warn users against implementing complex UserInterface objects, particularly implementations that have sub-object properties (such as an entity with relational entity/Collection properties). It might even save some headaches to go as far as to advise against database Entities implementing UserInterface and instead promote @iltar's de-coupling approach (see blog post linked above).

The two documentation pages that I thought of in relation to this issue are:

  1. How to Create a custom User Provider
  2. How to Load Security Users from the Database (the Entity Provider)
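An added example, not code from the issue, the linked blog post or Symfony itself, of the decoupling the issue points to: the user provider loads the Doctrine entity but returns a small UserInterface object holding only scalars, so the entity and its relations are never serialized into the session. The entity class App\Entity\Account with its getId()/getUsername()/getPassword()/getRoleNames() methods, and the names SecurityUser and AccountUserProvider, are assumptions.

```php
<?php
// Added illustration (not from the issue or Symfony); App\Entity\Account and its getters are assumed.
namespace App\Security;

use App\Entity\Account;
use Doctrine\ORM\EntityManagerInterface;
use Symfony\Component\Security\Core\Exception\UnsupportedUserException;
use Symfony\Component\Security\Core\Exception\UsernameNotFoundException;
use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\Security\Core\User\UserProviderInterface;

/** Holds scalars only, so serializing it into the session drags in no relations or Doctrine proxies. */
final class SecurityUser implements UserInterface
{
    private $id; private $username; private $password; private $roles;
    public function __construct(int $id, string $username, string $password, array $roles)
    {
        $this->id = $id; $this->username = $username;
        $this->password = $password; $this->roles = $roles;
    }
    public function getId(): int { return $this->id; }
    public function getUsername(): string { return $this->username; }
    public function getPassword(): string { return $this->password; }
    public function getRoles(): array { return $this->roles; }
    public function getSalt(): ?string { return null; } // bcrypt/argon2 encoders embed the salt in the hash
    public function eraseCredentials(): void {}
}

/** Loads the entity but hands the firewall a SecurityUser, so the entity itself never reaches the session. */
final class AccountUserProvider implements UserProviderInterface
{
    private $em;
    public function __construct(EntityManagerInterface $em) { $this->em = $em; }
    public function loadUserByUsername($username): UserInterface
    {
        $account = $this->em->getRepository(Account::class)->findOneBy(['username' => $username]);
        if (!$account) { throw new UsernameNotFoundException(sprintf('Unknown user "%s".', $username)); }
        return $this->fromAccount($account);
    }
    // Called on every request: re-read roles and password so revocations take effect immediately.
    public function refreshUser(UserInterface $user): UserInterface
    {
        if (!$user instanceof SecurityUser) { throw new UnsupportedUserException(get_class($user)); }
        $account = $this->em->find(Account::class, $user->getId());
        if (!$account) { throw new UsernameNotFoundException('Account no longer exists.'); }
        return $this->fromAccount($account);
    }
    public function supportsClass($class): bool { return $class === SecurityUser::class; }
    private function fromAccount(Account $a): SecurityUser { return new SecurityUser($a->getId(), $a->getUsername(), $a->getPassword(), $a->getRoleNames()); }
}
```

Both classes sit in one file only to keep the example compact; in a real project each goes in its own file and the provider is registered under `security.providers` in the firewall configuration.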
