minor #21092 [Security] Remove mentions to deprecated eraseCredentials() method (javiereguiluz)

javiereguiluz · javiereguiluz · commit dd52ee61ecc4 · 2025-06-24T09:35:44.000+02:00
This PR was merged into the 8.0 branch. Discussion ---------- [Security] Remove mentions to deprecated eraseCredentials() method Fxies #21085. Commits ------- 29fc409 [Security] Remove mentions to deprecated eraseCredentials() method
diff --git a/reference/configuration/security.rst b/reference/configuration/security.rst
@@ -46,32 +46,6 @@ access_denied_url
 Defines the URL where the user is redirected after a ``403`` HTTP error (unless
 you define a custom access denial handler). Example: ``/no-permission``
 
-erase_credentials
------------------
-
-**type**: ``boolean`` **default**: ``true``
-
-If ``true``, the ``eraseCredentials()`` method of the user object is called
-after authentication::
-
-    use Symfony\Component\Security\Core\User\UserInterface;
-
-    class User implements UserInterface
-    {
-        // ...
-
-        public function eraseCredentials(): void
-        {
-            // If you store any temporary, sensitive data on the user, clear it here
-            // $this->plainPassword = null;
-        }
-    }
-
-.. deprecated:: 7.3
-
-   Since Symfony 7.3, ``eraseCredentials()`` methods are deprecated and are
-   not called if they have the ``#[\Deprecated]`` attribute.
-
 expose_security_errors
 ----------------------
 
