[FrameworkBundle] Use correct cookie domain in loginUser()

Author: wouterj

KernelBrowser.php

@@ -142,8 +142,13 @@ public function loginUser(object $user, string $firewallContext = 'main'): self
         $session->set('_security_'.$firewallContext, serialize($token));
         $session->save();
 
-        $cookie = new Cookie($session->getName(), $session->getId());
-        $this->getCookieJar()->set($cookie);
+        $domains = array_unique(array_map(function (Cookie $cookie) use ($session) {
+            return $cookie->getName() === $session->getName() ? $cookie->getDomain() : '';
+        }, $this->getCookieJar()->all())) ?: [''];
+        foreach ($domains as $domain) {
+            $cookie = new Cookie($session->getName(), $session->getId(), null, null, $domain);
+            $this->getCookieJar()->set($cookie);
+        }
 
         return $this;
     }

Tests/Functional/SecurityTest.php

@@ -70,4 +70,20 @@ public function testLoginInBetweenRequests()
         $client->request('GET', '/main/user_profile');
         $this->assertEquals('Welcome the-username!', $client->getResponse()->getContent());
     }
+
+    public function testLoginUserMultipleTimes()
+    {
+        $userFoo = new InMemoryUser('the-username', 'the-password', ['ROLE_FOO']);
+        $userBar = new InMemoryUser('no-role-username', 'the-password');
+        $client = $this->createClient(['test_case' => 'Security', 'root_config' => 'config.yml']);
+        $client->loginUser($userFoo);
+
+        $client->request('GET', '/main/user_profile');
+        $this->assertEquals('Welcome the-username!', $client->getResponse()->getContent());
+
+        $client->loginUser($userBar);
+
+        $client->request('GET', '/main/user_profile');
+        $this->assertEquals('Welcome no-role-username!', $client->getResponse()->getContent());
+    }
 }