Skip to content

Commit 70dec3c

Browse files
nicolas-grekasnicolas-grekas
committed
bug #34859 [SecurityBundle] Fix TokenStorage::reset not called in stateless firewall (jderusse)
This PR was merged into the 4.4 branch. Discussion ---------- [SecurityBundle] Fix TokenStorage::reset not called in stateless firewall | Q | A | ------------- | --- | Branch? | 4.4 | Bug fix? | yes | New feature? | no | Deprecations? | no | Tickets | NA | License | MIT | Doc PR | NA By default, the service `security.token_storage` is resetable. https://github.com/symfony/symfony/blob/master/src/Symfony/Bundle/SecurityBundle/Resources/config/security.xml#L22-L24 But when using a stateless application without session, the `RegisterTokenUsageTrackingPass` replace the service `security.token_storage` by an alias to `security.untracked_token_storage` (which is not tagged as resetable. Commits ------- 616c30f Fix TokenStorage::reset not called in stateless firewall
2 parents 3314677 + 616c30f commit 70dec3c

File tree

1 file changed

+1
-0
lines changed

1 file changed

+1
-0
lines changed

src/Symfony/Bundle/SecurityBundle/DependencyInjection/Compiler/RegisterTokenUsageTrackingPass.php

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -43,6 +43,7 @@ public function process(ContainerBuilder $container)
4343

4444
if (!$container->has('session')) {
4545
$container->setAlias('security.token_storage', 'security.untracked_token_storage')->setPublic(true);
46+
$container->getDefinition('security.untracked_token_storage')->addTag('kernel.reset', ['method' => 'reset']);
4647
} elseif ($container->hasDefinition('security.context_listener')) {
4748
$container->getDefinition('security.context_listener')
4849
->setArgument(6, [new Reference('security.token_storage'), 'enableUsageTracking']);

0 commit comments

Comments
 (0)
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy