Force reauthentication after user permissions have been changed

醉话见心 2021-02-14 17:14

In my application I can change user permissions and roles in backend.

When a user is logged in and I remove a role of the user, the user can still access content which h

2 Answers
  •  借酒劲吻你
    2021-02-14 17:55

    Make your user class implement Symfony\Component\Security\Core\User\EquatableInterface.

    If you return false from the isEqualTo() method, the user will be reauthenticated. Use that method to compare only those properties that when changed should force reauthentication — roles in your case.
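An added example of the approach in the answer above (not code from the original post): a user class whose `isEqualTo()` fails when the identifier or the set of roles differs. The class name `App\Entity\User`, its properties and its constructor are assumptions; `getUsername()`, `getPassword()` and `getSalt()` are included so the class also satisfies the Symfony 5.x `UserInterface`.

```php
<?php
// Added example: hypothetical user class, not code from the original answer.
namespace App\Entity;

use Symfony\Component\Security\Core\User\EquatableInterface;
use Symfony\Component\Security\Core\User\UserInterface;

class User implements UserInterface, EquatableInterface
{
    private string $username;
    private string $password;
    private array $roles; // string[], e.g. ['ROLE_USER', 'ROLE_ADMIN']

    public function __construct(string $username, string $password, array $roles)
    {
        $this->username = $username;
        $this->password = $password;
        $this->roles = $roles;
    }

    public function getRoles(): array { return array_values(array_unique($this->roles)); }
    public function getPassword(): ?string { return $this->password; }
    public function getSalt(): ?string { return null; }
    public function getUsername(): string { return $this->username; }
    public function getUserIdentifier(): string { return $this->username; }
    public function eraseCredentials(): void {}

    // The security layer compares the user restored from the session with the
    // one reloaded from the user provider. Returning false here invalidates
    // the session token, so the user has to authenticate again.
    public function isEqualTo(UserInterface $user): bool
    {
        if (!$user instanceof self) {
            return false;
        }
        if ($this->username !== $user->getUserIdentifier()) {
            return false;
        }
        // Compare roles as sets: ordering differences must not log anyone out,
        // but an added or removed role must.
        $sessionRoles = $this->getRoles();
        $currentRoles = $user->getRoles();
        sort($sessionRoles);
        sort($currentRoles);

        return $sessionRoles === $currentRoles;
    }
}
```

The roles have to be part of what is serialized into the session; if a custom `__serialize()` drops them, the session copy has nothing to compare against the reloaded user.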
