Hi. https://github.com/fabpot/symfony/pull/173
--- http://about.me/everzet/bio On Sat, Dec 4, 2010 at 14:21, Henrik Bjornskov <[email protected]> wrote: > I have found little annoyance while working with the Security > Component. Login / Logout and the providers work like a charm BUT the > token which contains the user found by a provider gets serialized in > the session. This means that every time the currently logged in user > edits his/hers profile they should logout and then log back in. > > Is there a reason why the user is not fetched on every request so the > data for the user is fresh and to check that the currently logged in > user still exists. A user could in theory get deleted by the site > owner while being logged in. > > If the user was retrieved on every request it would also make working > with Facebook users a little easier since they would call $facebook- > >getSession() when loading the user and if the user have removed their > trust to the app it would automatically be invalid. > > -- > If you want to report a vulnerability issue on symfony, please send it to > security at symfony-project.com > > You received this message because you are subscribed to the Google > Groups "symfony developers" group. > To post to this group, send email to [email protected] > To unsubscribe from this group, send email to > [email protected]<symfony-devs%[email protected]> > For more options, visit this group at > http://groups.google.com/group/symfony-devs?hl=en > -- If you want to report a vulnerability issue on symfony, please send it to security at symfony-project.com You received this message because you are subscribed to the Google Groups "symfony developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/symfony-devs?hl=en
