Change user roles during a session in Symfony

Today I encountered a tricky problem with Symfony. If you change properties like the name or the password of your session user the information will be updated in the session automatically. Unfortunately there is one difference: If you change your model in a way that your getRoles method returns a different array of roles these are not updated in the session by default.
Symfony will just use the old roles array until the next real authentication.

So here is the simply solution: Just unauthenticate the user and Symfony will try to authenticate it again with the given credentials. This way the new roles will be loaded into the session.

public function activateAccountAction() {
    $token = $this->get( 'security.context' )->getToken();
    $token->getUser()->setSomethingThatAffectsTheRoleArray( true );
    // flush document manager or sth like that
    $token->setAuthenticated( false );
}

Tags: php, roles, security, session, symfony, user

• Create a custom password encoder for Symfony
• Create a custom user provider for Symfony
• How to load users from MongoDB in Symfony
• Testing HTTP interactions with Symfony’s Process component and PHP 5.4
• Using a DataTransformer to save tags for an object in Symfony
• How to write host-aware Twig templates in Symfony
• Assetic & LESS
• MongoDB, Doctrine and Symfony 2.0.11
• How to customize form rendering in Symfony
• How to use the “repeated” field type in Symfony