Bug #32873

Value changes for logged in account are not persisted due to session serialization

Added by Aske Ertmann almost 10 years ago. Updated over 9 years ago.

Status:
Accepted
Priority:
Must have
Category:
-
Target version:
-
Start date:
2011-12-29
Due date:
% Done:

0%

Estimated time:
PHP Version:
5.3
Has patch:
No
Complexity:

Description

Scenario: Change accountIdentifier or credentialsSource on an account (\TYPO3\FLOW3\Security\Account), while being logged in with that account. No values are persisted to the database, because the account is fetched from the serialized session and not loaded from the database. This happened using a fluid form with the account being send to an update action, and then using the accountRepository->update method.

It doesn't matter if the account is fetched originally through the accountRepository or the securityContext, which makes sense since it's just being passed as form data with an identifier..

I've looked in the session files (Temporary/Development/Sessions), where I can se the serialized account (TYPO3\FLOW3\Security\Account)

Quote from Andi: I think this was introduced with the 1.1 stuff and the new bootstrap…

#1

Updated by Karsten Dambekalns over 9 years ago

  • Status changed from New to Accepted
  • Assignee set to Karsten Dambekalns

Also available in: Atom PDF