ajgl / sf4-to-sf5-role-unserialization
BC layer to keep users logged in after upgrading your Symfony 4 app to Symfony 5.
Requires (Dev)
- phpunit/phpunit: ^8.5
- symfony/security-core: ^5
Conflicts
- symfony/security-core: <5.0 || >=5.3.13 <5.4 || >=5.4.2
README
BC layer to keep users logged in after upgrading your Symfony 4 app to Symfony 5. See #44676.
The problem
The Symfony\Component\Security\Core\Role\Role and Symfony\Component\Security\Core\Role\SwitchUserRole classes were deprecated in Symfony 4.3 and removed in Symfony 5.0.
But if you use PHP sessions to keep users logged in, and you use any authentication token that extends AbstractToken, your Symfony 4 app serializes the authenticated token with references to the old role classes.
When you upgrade your app to Symfony 5 and the ContextListener tries to unserialize the token, the old role classes no longer exist, causing an exception. The exception is caught by Symfony, and your users will only see their sessions closed without any reason.
This component provides the missing role classes to prevent the unserialization error. These classes are only needed the first time a token is unserialized after the upgrade, so the component can be safely removed once every Symfony 4 session has been upgraded or removed.
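One way to check whether a stored session payload still references the removed role classes, and so whether this component is still needed, is to scan the serialized bytes without unserializing them. This is an added example, not code from this component or from Symfony. The function name, the sample payloads and the property layout in the first sample are assumptions constructed for illustration, and the payload is assumed to have been read from your session storage already.

```php
<?php
declare(strict_types=1);

// Classes removed in Symfony 5.0, as named in the README above.
const LEGACY_ROLE_CLASSES = [
    'Symfony\Component\Security\Core\Role\Role',
    'Symfony\Component\Security\Core\Role\SwitchUserRole',
];

/**
 * Hypothetical helper: returns the legacy role classes referenced by a
 * serialized payload. It scans the raw bytes only and never calls
 * unserialize() on session data.
 *
 * @return string[]
 */
function findLegacyRoleClasses(string $payload): array
{
    // Object markers look like O:<len>:"<class>": (C: for Serializable classes).
    preg_match_all('/[OC]:(\d+):"([^"]+)":/', $payload, $matches, PREG_SET_ORDER);

    $found = [];
    foreach ($matches as [, $length, $class]) {
        // The declared length must match, which filters out truncated matches.
        if ((int) $length === strlen($class) && in_array($class, LEGACY_ROLE_CLASSES, true)) {
            $found[$class] = true;
        }
    }

    return array_keys($found);
}

// Constructed sample: an array holding one object of the first legacy class.
$class = LEGACY_ROLE_CLASSES[0];
$prop  = "\0{$class}\0role"; // private property name as PHP serializes it (assumed layout)
$legacyPayload = sprintf(
    'a:1:{i:0;O:%d:"%s":1:{s:%d:"%s";s:9:"ROLE_USER";}}',
    strlen($class), $class, strlen($prop), $prop
);

// Constructed sample: role names held as plain strings, no role objects.
$cleanPayload = 'a:1:{i:0;s:9:"ROLE_USER";}';

var_dump(findLegacyRoleClasses($legacyPayload)); // lists the legacy Role class
var_dump(findLegacyRoleClasses($cleanPayload));  // empty array
```

A user-controlled string that happens to contain an object marker for one of these classes would also match, so treat a hit as "keep the component installed" rather than as proof of a Symfony 4 token.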
Installation
To install the latest stable version of this component, open a console and execute the following command:
$ composer require ajgl/sf4-to-sf5-role-unserialization
Uninstallation
To uninstall this component, open a console and execute the following command:
$ composer remove ajgl/sf4-to-sf5-role-unserialization
License
This component is under the MIT license. See the complete license in the LICENSE file.
Reporting an issue or a feature request
Issues and feature requests are tracked in the GitHub issue tracker.
Author Information
Developed with ♥ by Antonio J. García Lagar.
If you find this component useful, please add a ★ in the GitHub repository page.