Maybe a way to reset the user when it is needed? Token::setUser(); or as you say a way to stale the data to force a reload on the next retrival
On Dec 8, 1:49 pm, Lukas Kahwe Smith <[email protected]> wrote: > On 04.12.2010, at 13:21, Henrik Bjornskov wrote: > > > I have found little annoyance while working with the Security > > Component. Login / Logout and the providers work like a charm BUT the > > token which contains the user found by a provider gets serialized in > > the session. This means that every time the currently logged in user > > edits his/hers profile they should logout and then log back in. > > > Is there a reason why the user is not fetched on every request so the > > data for the user is fresh and to check that the currently logged in > > user still exists. A user could in theory get deleted by the site > > owner while being logged in. > > > If the user was retrieved on every request it would also make working > > with Facebook users a little easier since they would call $facebook- > >> getSession() when loading the user and if the user have removed their > > trust to the app it would automatically be invalid. > > Well this is really a cache invalidation topic and that means there are many > different approaches: > - no caching is what you are proposing here > - marking things stale, aka on very request it would check if the user data > is marked as stale and then update > - purging on change, this would require that sessions are somewhere > associated with user id's so that if there are changes to the user that the > session data could be modified accordingly > - ttl, aka in regular intervals the user would be fetched again > > regards, > Lukas Kahwe Smith > [email protected] -- If you want to report a vulnerability issue on symfony, please send it to security at symfony-project.com You received this message because you are subscribed to the Google Groups "symfony developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/symfony-devs?hl=en
