From 9626c64444f31a48af6c30e58d0865416f31e4f8 Mon Sep 17 00:00:00 2001 From: Javier Eguiluz Date: Mon, 28 May 2018 12:46:31 +0200 Subject: [PATCH 1/2] Documented the logout_on_user_change option --- reference/configuration/security.rst | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/reference/configuration/security.rst b/reference/configuration/security.rst index 0a685a0b6fc..aead7fe85f7 100644 --- a/reference/configuration/security.rst +++ b/reference/configuration/security.rst @@ -141,6 +141,7 @@ Each part will be explained in the next section. # See "Firewall Context" below for more details context: context_key stateless: false + logout_on_user_change: false x509: provider: some_key_from_above remote_user: @@ -450,6 +451,18 @@ The ``invalidate_session`` option allows to redefine this behavior. Set this option to ``false`` in every firewall and the user will only be logged out from the current firewall and not the other ones. +logout_on_user_change +~~~~~~~~~~~~~~~~~~~~~ + +**type**: ``boolean`` **default**: ``false`` + +.. versionadded:: 3.4 + The ``logout_on_user_change`` option was introduced in Symfony 3.4. + +If ``true`` this option makes Symfony to trigger a logout when the user has +changed. Not doing that is deprecated, so this option should be set to ``true`` +to avoid getting deprecation messages. + .. _reference-security-ldap: LDAP functionality From 7b1b6e372b89f006a161e654534f58e59d6f44bf Mon Sep 17 00:00:00 2001 From: Javier Eguiluz Date: Tue, 29 May 2018 09:00:43 +0200 Subject: [PATCH 2/2] Added some details about what menas that the user has changed --- reference/configuration/security.rst | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/reference/configuration/security.rst b/reference/configuration/security.rst index aead7fe85f7..215fed9044c 100644 --- a/reference/configuration/security.rst +++ b/reference/configuration/security.rst @@ -463,6 +463,12 @@ If ``true`` this option makes Symfony to trigger a logout when the user has changed. Not doing that is deprecated, so this option should be set to ``true`` to avoid getting deprecation messages. +The user is considered to have changed when the user class implements +:class:`Symfony\\Component\\Security\\Core\\User\\EquatableInterface` and the +``isEqualTo()`` method returns ``false``. Also, when any of the properties +required by the :class:`Symfony\\Component\\Security\\Core\\User\\UserInterface` +(like the username, password or salt) changes. + .. _reference-security-ldap: LDAP functionality