Added 4.0 changelog

symfony · linaori · Aug 14, 2017 · Sep 22, 2017 · Sep 26, 2017 · Sep 26, 2017
commit 268e922862ee1f1793be6a93f6259adf81b0a283
diff --git a/UPGRADE-4.0.md b/UPGRADE-4.0.md
@@ -642,6 +642,9 @@ Security
 
  * Support for defining voters that don't implement the `VoterInterface` has been removed.
 
+ * Calling `ContextListener::setLogoutOnUserChange(false)` won't have any
+   effect anymore.
+
 SecurityBundle
 --------------
 
@@ -660,6 +663,9 @@ SecurityBundle
    `Symfony\Component\Security\Acl\Model\MutableAclProviderInterfaceConnection`
     as first argument.
 
+ * The firewall option `logout_on_user_change` is now always true, which will
+   trigger a logout if the user changes between requests.
+
 Serializer
 ----------
 

diff --git a/src/Symfony/Component/Security/Http/Firewall/ContextListener.php b/src/Symfony/Component/Security/Http/Firewall/ContextListener.php
@@ -37,6 +37,7 @@
 class ContextListener implements ListenerInterface
 {
     private $tokenStorage;
+    private $contextKey;
     private $sessionKey;
     private $logger;
     private $userProviders;
@@ -61,6 +62,7 @@ public function __construct(TokenStorageInterface $tokenStorage, $userProviders,
 
         $this->tokenStorage = $tokenStorage;
         $this->userProviders = $userProviders;
+        $this->contextKey = $contextKey;
         $this->sessionKey = '_security_'.$contextKey;
         $this->logger = $logger;
         $this->dispatcher = $dispatcher;