From 4d80ebd5c85743812a4859d26b2e5d204dfa59d7 Mon Sep 17 00:00:00 2001
From: "H. Westphal"
Date: Thu, 10 Nov 2011 10:34:33 +0100
Subject: [PATCH] Remove security token if user was deleted, is disabled or locked to prevent infinite redirect loops to the login path (fixes #1798).
---
 .../Component/Security/Http/Firewall/ExceptionListener.php | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/src/Symfony/Component/Security/Http/Firewall/ExceptionListener.php b/src/Symfony/Component/Security/Http/Firewall/ExceptionListener.php
index a36baf3cd4dd9..e34b14b5758c6 100644
--- a/src/Symfony/Component/Security/Http/Firewall/ExceptionListener.php
+++ b/src/Symfony/Component/Security/Http/Firewall/ExceptionListener.php
@@ -17,6 +17,7 @@
 use Symfony\Component\Security\Core\Authentication\AuthenticationTrustResolverInterface;
 use Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface;
 use Symfony\Component\Security\Core\Exception\AuthenticationException;
+use Symfony\Component\Security\Core\Exception\AccountStatusException;
 use Symfony\Component\Security\Core\Exception\AccessDeniedException;
 use Symfony\Component\Security\Core\Exception\InsufficientAuthenticationException;
 use Symfony\Component\Security\Http\HttpUtils;
@@ -158,6 +159,11 @@ private function startAuthentication(Request $request, AuthenticationException $
         $this->setTargetPath($request);
+        if ($authException instanceof AccountStatusException) {
+            // remove the security token to prevent infinite redirect loops
+            $this->context->setToken(null);
+        }
+
         return $this->authenticationEntryPoint->start($request, $authException);
     }
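Review bot: The new `instanceof AccountStatusException` guard in `startAuthentication` covers the disabled and locked cases the subject names, but nothing in the hunk shows a deleted user surfacing as an `AccountStatusException` here, so that case deserves a dedicated test before the commit message claims it is fixed. Clearing the token with `$this->context->setToken(null)` only changes the in-request context; whether the persisted session token is dropped on response, and whether a remember-me cookie (if the firewall uses one) would simply re-create a token for the unusable account on the next request, is not visible in this hunk and should be confirmed. The inline comment names the symptom but not the security reason; I would write it as `// the account can no longer authenticate: drop its token so the session does not keep an unusable identity and bounce to the login path forever`. The body of `startAuthentication` begins above the hunk, so any earlier handling of `$authException` is not visible here.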