diff --git a/src/Symfony/Component/Security/Http/RememberMe/PersistentRememberMeHandler.php b/src/Symfony/Component/Security/Http/RememberMe/PersistentRememberMeHandler.php
index 2293666ae7ecb..ad1d990fd74ff 100644
--- a/src/Symfony/Component/Security/Http/RememberMe/PersistentRememberMeHandler.php
+++ b/src/Symfony/Component/Security/Http/RememberMe/PersistentRememberMeHandler.php
@@ -160,7 +160,12 @@ public function clearRememberMeCookie(): void
 return;
 }
- $rememberMeDetails = RememberMeDetails::fromRawCookie($cookie);
+ try {
+ $rememberMeDetails = RememberMeDetails::fromRawCookie($cookie);
+ } catch (AuthenticationException) {
+ // malformed cookie should not fail the response and can be simply ignored
+ return;
+ }
 [$series] = explode(':', $rememberMeDetails->getValue());
 $this->tokenProvider->deleteTokenBySeries($series);
 }
diff --git a/src/Symfony/Component/Security/Http/Tests/RememberMe/PersistentRememberMeHandlerTest.php b/src/Symfony/Component/Security/Http/Tests/RememberMe/PersistentRememberMeHandlerTest.php
index a5bdac65118d8..bd539341c3f6c 100644
--- a/src/Symfony/Component/Security/Http/Tests/RememberMe/PersistentRememberMeHandlerTest.php
+++ b/src/Symfony/Component/Security/Http/Tests/RememberMe/PersistentRememberMeHandlerTest.php
@@ -74,6 +74,22 @@ public function testClearRememberMeCookie()
 $this->assertNull($cookie->getValue());
 }
+ public function testClearRememberMeCookieMalformedCookie()
+ {
+ $this->tokenProvider->expects($this->exactly(0))
+ ->method('deleteTokenBySeries');
+
+ $this->request->cookies->set('REMEMBERME', 'malformed');
+
+ $this->handler->clearRememberMeCookie();
+
+ $this->assertTrue($this->request->attributes->has(ResponseListener::COOKIE_ATTR_NAME));
+
+ /** @var Cookie $cookie */
+ $cookie = $this->request->attributes->get(ResponseListener::COOKIE_ATTR_NAME);
+ $this->assertNull($cookie->getValue());
+ }
+
 public function testConsumeRememberMeCookieValid()
 {
 $this->tokenProvider->expects($this->any())
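Review bot: The new `catch (AuthenticationException)` branch in clearRememberMeCookie() returns without leaving any trace, so a tampered or truncated remember-me cookie leaves no record that would set it apart from an ordinary cookie clear. If the handler has a logger in scope (not visible in this hunk), a line such as `$this->logger?->debug('Ignoring malformed remember-me cookie while clearing it.');` before the `return;` keeps the response path non-failing while giving operators a signal. The inline comment could also state why skipping is safe, e.g. `// no series can be parsed from a malformed cookie, so there is no persistent token to delete`. The function body starts outside the hunk, so what runs before the parse is inferred from the accompanying test.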
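Review bot: In testClearRememberMeCookieMalformedCookie the expectation `$this->exactly(0)` reads more clearly as PHPUnit's dedicated matcher, `$this->tokenProvider->expects($this->never())->method('deleteTokenBySeries');`. The test also pins only one malformed shape, the literal `'malformed'`. A data provider with a few more shapes, such as an empty string or a value with too few delimiter-separated parts, would guard the new catch branch against later changes in how RememberMeDetails::fromRawCookie rejects input, assuming those inputs also raise AuthenticationException. The trailing context method testConsumeRememberMeCookieValid continues outside the hunk.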