symfony · fabpot · Oct 4, 2020 · Oct 3, 2020
@@ -56,6 +56,13 @@ public function supports(Request $request): ?bool
             return false;
         }
 
+        // if the attribute is set, this is a lazy firewall. The previous
+        // support call already indicated support, so return null and avoid
+        // recreating the cookie
+        if ($request->attributes->has('_remember_me_token')) {
+            return null;
+        }
+
         $token = $this->rememberMeServices->autoLogin($request);
         if (null === $token) {
             return false;

@@ -60,6 +60,14 @@ public function provideSupportsData()
         yield [$this->createMock(TokenInterface::class), null];
     }
 
+    public function testConsecutiveSupportsCalls()
+    {
+        $this->rememberMeServices->expects($this->once())->method('autoLogin')->with($this->request)->willReturn($this->createMock(TokenInterface::class));
+
+        $this->assertNull($this->authenticator->supports($this->request));
+        $this->assertNull($this->authenticator->supports($this->request));
+    }
+
     public function testAuthenticate()
     {
         $this->request->attributes->set('_remember_me_token', new RememberMeToken($user = new User('wouter', 'test'), 'main', 'secret'));