Hmm..what I did was select "remember me" when logging in, and then before the session expired, I deleted the user from the database. From what I saw in the code, it would retrieve a null object because the username associated to the session doesn't exist in the database anymore.
I'm not sure whether this is sufficient information..if it isn't, let me know, and i'll post a more elaborate scenario when I get home. =) Bryan -- If you want to report a vulnerability issue on symfony, please send it to security at symfony-project.com You received this message because you are subscribed to the Google Groups "symfony developers" group. To post to this group, send email to symfony-devs@googlegroups.com To unsubscribe from this group, send email to symfony-devs+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/symfony-devs?hl=en
