I have found little annoyance while working with the Security Component. Login / Logout and the providers work like a charm BUT the token which contains the user found by a provider gets serialized in the session. This means that every time the currently logged in user edits his/hers profile they should logout and then log back in.
Is there a reason why the user is not fetched on every request so the data for the user is fresh and to check that the currently logged in user still exists. A user could in theory get deleted by the site owner while being logged in. If the user was retrieved on every request it would also make working with Facebook users a little easier since they would call $facebook- >getSession() when loading the user and if the user have removed their trust to the app it would automatically be invalid. -- If you want to report a vulnerability issue on symfony, please send it to security at symfony-project.com You received this message because you are subscribed to the Google Groups "symfony developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/symfony-devs?hl=en
