On 02.02.2011, at 11:29, Fabien Potencier wrote:

> On 2/2/11 7:55 AM, Lukas Kahwe Smith wrote:
>>
>> On 19.01.2011, at 23:55, Jeremy Mikola wrote:
>>
>>> Johannes clued me in to ContextListener::refreshUser(), which appears to be
>>> what Lukas was referring to. This only functions if the token is not
>>> immutable, which would have been fine had I not been using
>>> SwitchUserListener (the impersonation session it creates uses an immutable
>>> token).
>>>
>>> So if ContextListener::refreshUser() is functioning, I think Doctrine
>>> developers can do without re-authenticating after an edited, provided that
>>> their UserProvider's loadUserByAccount() method does its query based on ID
>>> instead of username. This should be a trivial change for FOS UserBundle at
>>> least.
>>
>> In general imho the loadUserBy*() methods should get a parameter that makes
>> it clear what the reason for the method call was (user triggered login,
>> remember me, returning user with an active session etc). Right now we have
>> some sort of "hint" for revisiting users since they are handled by the
>> loadUserByAccount() method. But there is no way to differentiate remember me
>> from a user triggered login.
>
> No, the loadUserBy*() methods should have no knowledge of why they are called.
> Their goal is just to load the User object, that's all.

This makes more intelligent caching strategies hard. Also, I want to decide when to fetch some more data from a 3rd party source etc.

regards,
Lukas Kahwe Smith
[email protected]
