Merge branch '6.1' into 6.2

* 6.1:
  [HttpClient] Fix computing retry delay when using RetryableHttpClient
  [Uid] Fix validating UUID variant bits
  [Validator][UID] Stop to first ULID format violation
  [Bridge] Fix mkdir() race condition in ProxyCacheWarmer
  [Cache] update readme
  Bug #42343 [Security] Fix valid remember-me token exposure to the second consequent request
  Prevent exception if request stack is empty
  Psr18Client ignore invalid HTTP headers
  skip a transient test on AppVeyor

Author: nicolas-grekas

RememberMe/PersistentRememberMeHandler.php

@@ -69,7 +69,6 @@ public function processRememberMe(RememberMeDetails $rememberMeDetails, UserInte
 
         if ($this->tokenVerifier) {
             $isTokenValid = $this->tokenVerifier->verifyToken($persistentToken, $tokenValue);
-            $tokenValue = $persistentToken->getTokenValue();
         } else {
             $isTokenValid = hash_equals($persistentToken->getTokenValue(), $tokenValue);
         }
@@ -88,9 +87,9 @@ public function processRememberMe(RememberMeDetails $rememberMeDetails, UserInte
             $tokenLastUsed = new \DateTime();
             $this->tokenVerifier?->updateExistingToken($persistentToken, $tokenValue, $tokenLastUsed);
             $this->tokenProvider->updateToken($series, $tokenValue, $tokenLastUsed);
-        }
 
-        $this->createCookie($rememberMeDetails->withValue($series.':'.$tokenValue));
+            $this->createCookie($rememberMeDetails->withValue($series.':'.$tokenValue));
+        }
     }
 
     public function clearRememberMeCookie(): void

Tests/RememberMe/PersistentRememberMeHandlerTest.php

@@ -125,18 +125,7 @@ public function testConsumeRememberMeCookieValidByValidatorWithoutUpdate()
         $rememberMeDetails = new RememberMeDetails(InMemoryUser::class, 'wouter', 360, 'series1:oldTokenValue');
         $handler->consumeRememberMeCookie($rememberMeDetails);
 
-        // assert that the cookie has been updated with a new base64 encoded token value
-        $this->assertTrue($this->request->attributes->has(ResponseListener::COOKIE_ATTR_NAME));
-
-        /** @var Cookie $cookie */
-        $cookie = $this->request->attributes->get(ResponseListener::COOKIE_ATTR_NAME);
-
-        $cookieParts = explode(':', base64_decode($cookie->getValue()), 4);
-
-        $this->assertSame(InMemoryUser::class, $cookieParts[0]); // class
-        $this->assertSame(base64_encode('wouter'), $cookieParts[1]); // identifier
-        $this->assertSame('360', $cookieParts[2]); // expire
-        $this->assertSame('series1:tokenvalue', $cookieParts[3]); // value
+        $this->assertFalse($this->request->attributes->has(ResponseListener::COOKIE_ATTR_NAME));
     }
 
     public function testConsumeRememberMeCookieInvalidToken()