Commit 47b09f7

merged branch snc/issue-1798-sf21 (PR #2598)

Commits
-------

4d80ebd Remove security token if user was deleted, is disabled or locked to prevent infinite redirect loops to the login path (fixes #1798).

Discussion
----------

[2.1] Fix for issue 1798

Bug fix: yes
Feature addition: no
Backwards compatibility break: no
Symfony2 tests pass: yes
Fixes the following tickets: #1798

This is a simplified PR of #2528 for the master branch.
2 parents 0025673 + 4d80ebd commit 47b09f7

1 file changed, +1 -2 lines changed

src/Symfony/Component/Security/Http/Firewall/ExceptionListener.php

Lines changed: 1 addition & 2 deletions
@@ -160,10 +160,9 @@ private function startAuthentication(Request $request, AuthenticationException $
160160

161161
$this->setTargetPath($request);
162162

163-
if ($authException instanceof AccountStatusException && ($token = $this->context->getToken()) instanceof UsernamePasswordToken) {
163+
if ($authException instanceof AccountStatusException) {
164164
// remove the security token to prevent infinite redirect loops
165165
$this->context->setToken(null);
166-
$request->getSession()->remove('_security_' . $token->getProviderKey());
167166
}
168167

169168
return $this->authenticationEntryPoint->start($request, $authException);
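
Review bot: The removed line 166 was the only statement in this block that deleted the `'_security_' . $token->getProviderKey()` session entry, and after the change nothing visible in the hunk clears the stored token; `$this->context->setToken(null)` is all that remains. If another component writes the now-null token back to the session before the response is sent, the comment at line 164 should say so, because otherwise a reader cannot tell why the next request will not reload the same deleted, disabled or locked user and restart the redirect loop the comment describes. Dropping the `instanceof UsernamePasswordToken` restriction means the token is now cleared for every token type on `AccountStatusException`, which matches the commit message, but the commit touches one file and adds no test; a regression test with a non-`UsernamePasswordToken` token and a locked account would pin that behavior down.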
