Invalidate context after switch user #506

@onEXHovia

Currently, invalidation is executed after logout: https://github.com/FriendsOfSymfony/FOSHttpCacheBundle/blob/master/src/Security/Http/Logout/ContextInvalidationSessionLogoutHandler.php.
I had a problem with the feature https://symfony.com/doc/current/security/impersonating_user.html. Should we be invalidating the cache after switching?

Example of what I mean

```php
<?php

namespace App\EventSubscriber;

use FOS\HttpCacheBundle\UserContextInvalidator;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\Security\Http\Event\SwitchUserEvent;
use Symfony\Component\Security\Http\SecurityEvents;

class SwitchUserSubscriber implements EventSubscriberInterface
{
    private $invalidator;

    public function __construct(UserContextInvalidator $invalidator)
    {
        $this->invalidator = $invalidator;
    }

    /**
     * {@inheritdoc}
     */
    public static function getSubscribedEvents(): array
    {
        return [
            SecurityEvents::SWITCH_USER => 'onSwitchUser',
        ];
    }

    public function onSwitchUser(SwitchUserEvent $event): void
    {
        $request = $event->getRequest();

        $this->invalidator->invalidateContext($request->getSession()->getId());
    }
}
```
