Avoid regenerating the remember me token if it is still fresh
This commit is contained in:
parent
01602ef842
commit
a942b5f684
@ -74,8 +74,12 @@ final class PersistentRememberMeHandler extends AbstractRememberMeHandler
|
|||||||
throw new AuthenticationException('The cookie has expired.');
|
throw new AuthenticationException('The cookie has expired.');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// if a token was regenerated less than a minute ago, there is no need to regenerate it
|
||||||
|
// if multiple concurrent requests reauthenticate a user we do not want to update the token several times
|
||||||
|
if ($persistentToken->getLastUsed()->getTimestamp() + 60 < time()) {
|
||||||
$tokenValue = base64_encode(random_bytes(64));
|
$tokenValue = base64_encode(random_bytes(64));
|
||||||
$this->tokenProvider->updateToken($series, $this->generateHash($tokenValue), new \DateTime());
|
$this->tokenProvider->updateToken($series, $this->generateHash($tokenValue), new \DateTime());
|
||||||
|
}
|
||||||
|
|
||||||
$this->createCookie($rememberMeDetails->withValue($tokenValue));
|
$this->createCookie($rememberMeDetails->withValue($tokenValue));
|
||||||
}
|
}
|
||||||
|
Reference in New Issue
Block a user