[Security] Prefer clone over unserialize(serialize()) for user refreshment
This commit is contained in:
parent
d1bf595bdf
commit
a8eba803a3
@ -170,7 +170,7 @@ class ContextListener implements ListenerInterface
|
||||
|
||||
try {
|
||||
$refreshedUser = $provider->refreshUser($user);
|
||||
$newToken = unserialize(serialize($token));
|
||||
$newToken = clone $token;
|
||||
$newToken->setUser($refreshedUser);
|
||||
|
||||
// tokens can be deauthenticated if the user has been changed.
|
||||
|
Reference in New Issue
Block a user