Avoid regenerating the remember me token if it is still fresh
This commit is contained in:
parent
01602ef842
commit
a942b5f684
@ -74,8 +74,12 @@ final class PersistentRememberMeHandler extends AbstractRememberMeHandler
|
||||
throw new AuthenticationException('The cookie has expired.');
|
||||
}
|
||||
|
||||
// if a token was regenerated less than a minute ago, there is no need to regenerate it
|
||||
// if multiple concurrent requests reauthenticate a user we do not want to update the token several times
|
||||
if ($persistentToken->getLastUsed()->getTimestamp() + 60 < time()) {
|
||||
$tokenValue = base64_encode(random_bytes(64));
|
||||
$this->tokenProvider->updateToken($series, $this->generateHash($tokenValue), new \DateTime());
|
||||
}
|
||||
|
||||
$this->createCookie($rememberMeDetails->withValue($tokenValue));
|
||||
}
|
||||
|
Reference in New Issue
Block a user