symfony
diff --git a/‎src/Symfony/Component/Security/Core/Authentication/Token/AbstractToken.php
Lines changed: 5 additions & 2 deletions b/‎src/Symfony/Component/Security/Core/Authentication/Token/AbstractToken.php
Lines changed: 5 additions & 2 deletions
diff --git a/‎src/Symfony/Component/Security/Core/Tests/Authentication/Token/SwitchUserTokenTest.php
Lines changed: 35 additions & 0 deletions b/‎src/Symfony/Component/Security/Core/Tests/Authentication/Token/SwitchUserTokenTest.php
Lines changed: 35 additions & 0 deletions
@@ -318,9 +318,12 @@ private function hasUserChanged(UserInterface $user): bool
         }
 
         $userRoles = array_map('strval', (array) $user->getRoles());
-        $rolesChanged = \count($userRoles) !== \count($this->getRoleNames()) || \count($userRoles) !== \count(array_intersect($userRoles, $this->getRoleNames()));
 
-        if ($rolesChanged) {
+        if ($this instanceof SwitchUserToken) {
+            $userRoles[] = 'ROLE_PREVIOUS_ADMIN';
+        }
+
+        if (\count($userRoles) !== \count($this->getRoleNames()) || \count($userRoles) !== \count(array_intersect($userRoles, $this->getRoleNames()))) {
             return true;
         }
 
 
@@ -14,6 +14,7 @@
 use PHPUnit\Framework\TestCase;
 use Symfony\Component\Security\Core\Authentication\Token\SwitchUserToken;
 use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
+use Symfony\Component\Security\Core\User\UserInterface;
 
 class SwitchUserTokenTest extends TestCase
 {
@@ -38,4 +39,38 @@ public function testSerialize()
         $this->assertSame('provider-key', $unserializedOriginalToken->getProviderKey());
         $this->assertEquals(['ROLE_ADMIN', 'ROLE_ALLOWED_TO_SWITCH'], $unserializedOriginalToken->getRoleNames());
     }
+
+    public function testSetUserDoesNotDeauthenticate()
+    {
+        $impersonated = new class() implements UserInterface {
+            public function getUsername()
+            {
+                return 'impersonated';
+            }
+
+            public function getPassword()
+            {
+                return null;
+            }
+
+            public function eraseCredentials()
+            {
+            }
+
+            public function getRoles()
+            {
+                return ['ROLE_USER'];
+            }
+
+            public function getSalt()
+            {
+                return null;
+            }
+        };
+
+        $originalToken = new UsernamePasswordToken('impersonator', 'foo', 'provider-key', ['ROLE_ADMIN', 'ROLE_ALLOWED_TO_SWITCH']);
+        $token = new SwitchUserToken($impersonated, 'bar', 'provider-key', ['ROLE_USER', 'ROLE_PREVIOUS_ADMIN'], $originalToken);
+        $token->setUser($impersonated);
+        $this->assertTrue($token->isAuthenticated());
+    }
 }
Original file line number	Diff line number	Diff line change
`@@ -318,9 +318,12 @@ private function hasUserChanged(UserInterface $user): bool`
`318`	`318`	`}`
`319`	`319`
`320`	`320`	`$userRoles = array_map('strval', (array) $user->getRoles());`
`321`		`- $rolesChanged = \count($userRoles) !== \count($this->getRoleNames()) \|\| \count($userRoles) !== \count(array_intersect($userRoles, $this->getRoleNames()));`
`322`	`321`
`323`		`- if ($rolesChanged) {`
	`322`	`+ if ($this instanceof SwitchUserToken) {`
	`323`	`+ $userRoles[] = 'ROLE_PREVIOUS_ADMIN';`
	`324`	`+ }`
	`325`	`+`
	`326`	`+ if (\count($userRoles) !== \count($this->getRoleNames()) \|\| \count($userRoles) !== \count(array_intersect($userRoles, $this->getRoleNames()))) {`
`324`	`327`	`return true;`
`325`	`328`	`}`
`326`	`329`