ddeboer
diff --git a/‎src/Symfony/Component/Security/Core/Authentication/Token/AbstractToken.php
Lines changed: 2 additions & 1 deletion b/‎src/Symfony/Component/Security/Core/Authentication/Token/AbstractToken.php
Lines changed: 2 additions & 1 deletion
diff --git a/‎src/Symfony/Component/Security/Core/Authentication/Token/UsernamePasswordToken.php
Lines changed: 1 addition & 1 deletion b/‎src/Symfony/Component/Security/Core/Authentication/Token/UsernamePasswordToken.php
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/Symfony/Component/Security/Core/Tests/Authentication/Token/AbstractTokenTest.php
Lines changed: 53 additions & 0 deletions b/‎src/Symfony/Component/Security/Core/Tests/Authentication/Token/AbstractTokenTest.php
Lines changed: 53 additions & 0 deletions
@@ -142,7 +142,8 @@ public function eraseCredentials()
      */
     public function serialize()
     {
-        return serialize(array($this->user, $this->authenticated, $this->roles, $this->attributes));
+//        return serialize(array(serialize($this->user), $this->authenticated, $this->roles, $this->attributes));
+        return serialize(array(clone($this->user), $this->authenticated, $this->roles, $this->attributes));
     }
 
     /**
 
@@ -94,6 +94,6 @@ public function serialize()
     public function unserialize($serialized)
     {
         list($this->credentials, $this->providerKey, $parentStr) = unserialize($serialized);
-        parent::unserialize($parentStr);
+        parent::unserialize(($parentStr));
     }
 }
@@ -11,7 +11,23 @@
 
 namespace Symfony\Component\Security\Core\Tests\Authentication\Token;
 
+use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
 use Symfony\Component\Security\Core\Role\Role;
+use Symfony\Component\Security\Core\Role\SwitchUserRole;
+
+class Wrap implements \Serializable
+{
+    public function serialize()
+    {
+        var_dump(\unserialize(\serialize($this->token)));die;
+        return \serialize(unserialize(\serialize($this->token)));
+    }
+
+    public function unserialize($serialize)
+    {
+        $this->token = unserialize($serialize);
+    }
+}
 
 class TestUser
 {
@@ -71,6 +87,42 @@ public function testSerialize()
         $this->assertEquals($token->getAttributes(), $uToken->getAttributes());
     }
 
+    public function testSerializeRecursive()
+    {
+        $user = new TestUser('david');
+        $originalToken = new UsernamePasswordToken($user, 'credentials_previousz', 'secured_area', array('ROL1'));
+
+        $ser = \serialize(\serialize($originalToken));
+        $this->assertEquals(\unserialize(\unserialize($ser)), $originalToken);
+
+//        $wrap = new Wrap();
+//        $wrap->token = $originalToken;
+
+
+//        $uToken = \unserialize(\serialize(array($wrap)));
+//        var_dump($uToken);die;
+
+//        succeeds
+//        $serialized = \unserialize(\serialize($originalToken));
+//        $this->assertInstanceOf('Symfony\Component\Security\Core\Tests\Authentication\Token\TestUser', $serialized->getUser());
+
+        $roles = array(new SwitchUserRole('ROLE_PREVIOUS_ROLE', $originalToken));
+
+        $token = new UsernamePasswordToken($user, 'credentials', 'secured_area2', $roles);
+        $serialized = \serialize($token);
+        
+        $token2 = \unserialize($serialized);
+
+        print_r($token);
+        print_r($token2);
+
+        $user1 = \reset($token->getRoles())->getSource()->getUser();
+        $this->assertInstanceOf('Symfony\Component\Security\Core\Tests\Authentication\Token\TestUser', $user1);
+
+        $user2 = \reset($token2->getRoles())->getSource()->getUser();
+        $this->assertInstanceOf('Symfony\Component\Security\Core\Tests\Authentication\Token\TestUser', $user2);
+    }
+
     /**
      * @covers Symfony\Component\Security\Core\Authentication\Token\AbstractToken::__construct
      */
@@ -242,3 +294,4 @@ protected function getToken(array $roles = array())
         return $this->getMockForAbstractClass('Symfony\Component\Security\Core\Authentication\Token\AbstractToken', array($roles));
     }
 }
+
Original file line number	Diff line number	Diff line change
`@@ -142,7 +142,8 @@ public function eraseCredentials()`
`142`	`142`	`*/`
`143`	`143`	`public function serialize()`
`144`	`144`	`{`
`145`		`- return serialize(array($this->user, $this->authenticated, $this->roles, $this->attributes));`
	`145`	`+// return serialize(array(serialize($this->user), $this->authenticated, $this->roles, $this->attributes));`
	`146`	`+ return serialize(array(clone($this->user), $this->authenticated, $this->roles, $this->attributes));`
`146`	`147`	`}`
`147`	`148`
`148`	`149`	`/**`
Original file line number	Diff line number	Diff line change
`@@ -94,6 +94,6 @@ public function serialize()`
`94`	`94`	`public function unserialize($serialized)`
`95`	`95`	`{`
`96`	`96`	`list($this->credentials, $this->providerKey, $parentStr) = unserialize($serialized);`
`97`		`- parent::unserialize($parentStr);`
	`97`	`+ parent::unserialize(($parentStr));`
`98`	`98`	`}`
`99`	`99`	`}`