@@ -343,6 +343,11 @@ can also create your own :ref:`custom user provider <security-custom-user-provid
343343 it using the :class: `Symfony\\ Component\\ Security\\ Core\\ User\\ UserProviderInterface `
344344 type-hint.
345345
346+ .. note ::
347+
348+ The maximum length allowed for the user identifier is 4096 characters to
349+ prevent `session storage flooding `_ attacks.
350+
346351.. _security-encoding-user-password :
347352
348353Registering the User: Hashing Passwords
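Review bot: The added note (new lines 346-349) gives the 4096-character limit but says neither where the limit is enforced nor what happens when an identifier exceeds it. Because it follows the paragraph on custom user providers, a reader writing one cannot tell whether they must add the length check themselves. Suggest one more sentence naming the component that rejects an over-long identifier and how the failure surfaces to the caller. It would also help to say whether "characters" is counted in bytes or in multibyte characters, since the two differ for non-ASCII identifiers and the stated purpose is bounding session storage size.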
@@ -2656,3 +2661,4 @@ Authorization (Denying Access)
26562661.. _`SymfonyCastsVerifyEmailBundle` : https://github.com/symfonycasts/verify-email-bundle
26572662.. _`HTTP Basic authentication` : https://en.wikipedia.org/wiki/Basic_access_authentication
26582663.. _`Login CSRF attacks` : https://en.wikipedia.org/wiki/Cross-site_request_forgery#Forging_login_requests
2664+ .. _`session storage flooding` : https://symfony.com/blog/cve-2016-4423-large-username-storage-in-session
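Review bot: The new link target at line 2664 points to the CVE-2016-4423 advisory, but the identifier appears only in the URL, and the URL slug calls the issue "large username storage in session" while the note text calls it "session storage flooding". Suggest putting the CVE number in the note itself, or in the link text, so readers can search for it and match it against the advisory without following the link. Using one name for the issue in both places would also help.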