[Security] Prefer clone over unserialize(serialize()) for user refreshment

2018-12-15 11:27:20 +01:00 · 2018-12-15 11:27:20 +01:00 · a8eba803a3
commit a8eba803a3
parent d1bf595bdf
1 changed files with 1 additions and 1 deletions
--- a/src/Symfony/Component/Security/Http/Firewall/ContextListener.php
+++ b/src/Symfony/Component/Security/Http/Firewall/ContextListener.php
@ -170,7 +170,7 @@ class ContextListener implements ListenerInterface

            try {
                $refreshedUser = $provider->refreshUser($user);
-                $newToken = unserialize(serialize($token));
+                $newToken = clone $token;
                $newToken->setUser($refreshedUser);

                // tokens can be deauthenticated if the user has been changed.