From 13f57a2967360e45efa4a27e421b36152af2cef0 Mon Sep 17 00:00:00 2001
From: alcaeus
Date: Wed, 19 Jun 2013 19:14:36 +0200
Subject: [PATCH] [fixed] Fixed example code so that custom authentication providers only clear their own tokens
---
 cookbook/security/custom_authentication_provider.rst | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/cookbook/security/custom_authentication_provider.rst b/cookbook/security/custom_authentication_provider.rst
index fb676007b89..0625bf48e56 100644
--- a/cookbook/security/custom_authentication_provider.rst
+++ b/cookbook/security/custom_authentication_provider.rst
@@ -144,7 +144,11 @@ set an authenticated token in the security context if successful.
 // ... you might log something here
 // To deny the authentication clear the token. This will redirect to the login page.
- // $this->securityContext->setToken(null);
+ // Make sure to only clear your token, not those of other authentication listeners.
+ // $token = $this->securityContext->getToken();
+ // if ($token instanceof WsseUserToken && $this->providerKey === $token->getProviderKey()) {
+ // $this->securityContext->setToken(null);
+ // }
 // return;
 // Deny authentication with a '403 Forbidden' HTTP response
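Review bot: The new guard in the commented-out block relies on `$this->providerKey` and `$token->getProviderKey()`, neither of which is defined in the lines shown. Symfony's `AbstractToken` has no `getProviderKey()`, so if the example's `WsseUserToken` extends it directly (not visible here), a reader who uncomments these lines would hit a fatal error in the authentication-failure path instead of a clean denial. The example should either show the listener receiving a provider key and the token exposing it, or reduce the check to `if ($token instanceof WsseUserToken) {`. The context comment above the guard still says clearing the token "will redirect to the login page", which no longer holds when the guard is false, because the following `// return;` lets the request continue under the other listener's token; a line such as `// If the token belongs to another listener it is kept and the request continues with it.` would make that explicit. The enclosing catch block starts and ends outside the hunk.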