Merge branch '6.0' into 6.1

nicolas-grekas · nicolas-grekas · commit 3cf64d6e812f · 2021-12-29T11:32:02.000+01:00
* 6.0:
  [Security] consider old session payloads as unauthenticated
diff --git a/Authentication/Token/AbstractToken.php b/Authentication/Token/AbstractToken.php
@@ -116,7 +116,7 @@ public function __serialize(): array
     public function __unserialize(array $data): void
     {
         [$user, , , $this->attributes, $this->roleNames] = $data;
-        $this->user = \is_string($user) ? new InMemoryUser($user, '', $this->roleNames) : $user;
+        $this->user = \is_string($user) ? new InMemoryUser($user, '', $this->roleNames, false) : $user;
     }
 
     /**

Original file line number	Diff line number	Diff line change
`@@ -116,7 +116,7 @@ public function __serialize(): array`
`116`	`116`	`public function __unserialize(array $data): void`
`117`	`117`	`{`
`118`	`118`	`[$user, , , $this->attributes, $this->roleNames] = $data;`
`119`		`- $this->user = \is_string($user) ? new InMemoryUser($user, '', $this->roleNames) : $user;`
	`119`	`+ $this->user = \is_string($user) ? new InMemoryUser($user, '', $this->roleNames, false) : $user;`
`120`	`120`	`}`
`121`	`121`
`122`	`122`	`/**`