I've found why the password is erased. That's the AuthenticationProviderManager which calls the eraseCredentials() method or not on the User class just after authentication according to the $eraseCredentials option passed to the constructor.
And in my eraseCredentials() implementation i was setting the password to null value. The thing is that this option doesn't seem to be accessible into the security configuration, maybe that's due to an oversight ? * -- Benjamin Dulau - anonymation CEO anonymation.com | code.anonymation.com ben...@anonymation.com * -- If you want to report a vulnerability issue on symfony, please send it to security at symfony-project.com You received this message because you are subscribed to the Google Groups "symfony users" group. To post to this group, send email to symfony-users@googlegroups.com To unsubscribe from this group, send email to symfony-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/symfony-users?hl=en
