I am already using serialization in my application because my registration form is split into different steps and I need to hold data in the session. So I can't overload it to store only "security-useful" information.
I think it would be an idea to add two functions to the user interface instead of serializing it, because the data which is stored in the session token has nothing to do with serialization, which is a string representation of the entire object.
