merged branch snc/issue-1798-sf21 (PR #2598)

Commits
-------

4d80ebd Remove security token if user was deleted, is disabled or locked to prevent infinite redirect loops to the login path (fixes #1798).

Discussion
----------

[2.1] Fix for issue 1798

Bug fix: yes
Feature addition: no
Backwards compatibility break: no
Symfony2 tests pass: yes
Fixes the following tickets: #1798

This is a simplified PR of #2528 for the master branch.
Fabien Potencier 2011-11-10 10:55:51 +01:00
commit 47b09f791b

@ -160,10 +160,9 @@ class ExceptionListener
$this->setTargetPath($request);
if ($authException instanceof AccountStatusException && ($token = $this->context->getToken()) instanceof UsernamePasswordToken) {
if ($authException instanceof AccountStatusException) {
// remove the security token to prevent infinite redirect loops
$this->context->setToken(null);
$request->getSession()->remove('_security_' . $token->getProviderKey());
}
return $this->authenticationEntryPoint->start($request, $authException);
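Review bot: in the `AccountStatusException` branch the only cleanup left appears to be `$this->context->setToken(null);`, with nothing in the hunk clearing the session copy of the token. The +/- markers are lost in this rendering, but the 10-to-9 line counts in the hunk header indicate that `$request->getSession()->remove('_security_' . $token->getProviderKey());` and the `instanceof UsernamePasswordToken` check are the lines being dropped. The fix then depends on code outside this hunk persisting the null token to the session before the next request; if it does not, the deleted, disabled or locked user's token is restored and the redirect loop from #1798 can return. Please extend the inline comment to say where the session entry is cleared, and add a test that makes a second request after the exception and asserts no token is restored. Widening the condition to every token type looks right for the loop, since `$token` is no longer needed once the session call is gone.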