feature #24291 [SecurityBundle] Reset the authentication token between requests (derrabus)

Robin Chalas · Robin Chalas · commit 4badda981e5d · 2017-09-24T11:00:32.000+02:00
This PR was merged into the 3.4 branch. Discussion ---------- [SecurityBundle] Reset the authentication token between requests | Q | A | ------------- | --- | Branch? | 3.4 | Bug fix? | no | New feature? | yes | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | #23984 | License | MIT | Doc PR | N/A Follow-up to #24155. This PR resets the token storage, making sure there's no user logged in at the beginning of a new request. Commits ------- e46b366 Reset the authentication token between requests.
diff --git a/src/Symfony/Bundle/SecurityBundle/Resources/config/security.xml b/src/Symfony/Bundle/SecurityBundle/Resources/config/security.xml
@@ -21,7 +21,9 @@
         </service>
         <service id="Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface" alias="security.authorization_checker" />
 
-        <service id="security.token_storage" class="Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorage" public="true" />
+        <service id="security.token_storage" class="Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorage" public="true">
+            <tag name="kernel.reset" method="setToken" />
+        </service>
         <service id="Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface" alias="security.token_storage" />
 
         <service id="security.user_value_resolver" class="Symfony\Bundle\SecurityBundle\SecurityUserValueResolver">
