Force incrementing session usage index upon programatic login

src/Symfony/Bundle/SecurityBundle/Tests/Functional/Bundle/GuardedBundle/AppCustomAuthenticator.php

@@ -23,7 +23,7 @@ class AppCustomAuthenticator extends AbstractGuardAuthenticator
 {
     public function supports(Request $request)
     {
-        return true;
+        return '/manual_login' !== $request->getPathInfo() && '/profile' !== $request->getPathInfo();
     }
 
     public function getCredentials(Request $request)

src/Symfony/Bundle/SecurityBundle/Tests/Functional/Bundle/GuardedBundle/AuthenticationController.php

@@ -0,0 +1,38 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Bundle\SecurityBundle\Tests\Functional\Bundle\GuardedBundle;
+
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpFoundation\Response;
+use Symfony\Component\Security\Core\User\User;
+use Symfony\Component\Security\Core\User\UserInterface;
+use Symfony\Component\Security\Guard\GuardAuthenticatorHandler;
+use Symfony\Component\Security\Guard\Token\PostAuthenticationGuardToken;
+
+class AuthenticationController
+{
+    public function manualLoginAction(GuardAuthenticatorHandler $guardAuthenticatorHandler, Request $request)
+    {
+        $guardAuthenticatorHandler->authenticateWithToken(new PostAuthenticationGuardToken(new User('Jane', 'test', ['ROLE_USER']), 'secure', ['ROLE_USER']), $request, 'secure');
+
+        return new Response('Logged in.');
+    }
+
+    public function profileAction(UserInterface $user = null)
+    {
+        if (null === $user) {
+            return new Response('Not logged in.');
+        }
+
+        return new Response('Username: '.$user->getUsername());
+    }
+}

src/Symfony/Bundle/SecurityBundle/Tests/Functional/GuardedTest.php

@@ -21,4 +21,14 @@ public function testGuarded()
 
         $this->assertSame(418, $client->getResponse()->getStatusCode());
     }
+
+    public function testManualLogin()
+    {
+        $client = $this->createClient(['debug' => true, 'test_case' => 'Guarded', 'root_config' => 'config.yml']);
+
+        $client->request('GET', '/manual_login');
+        $client->request('GET', '/profile');
+
+        $this->assertSame('Username: Jane', $client->getResponse()->getContent());
+    }
 }

src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/Guarded/config.yml

@@ -10,8 +10,19 @@ framework:
 services:
     logger: { class: Psr\Log\NullLogger }
     Symfony\Bundle\SecurityBundle\Tests\Functional\Bundle\GuardedBundle\AppCustomAuthenticator: ~
+    Symfony\Bundle\SecurityBundle\Tests\Functional\Bundle\GuardedBundle\AuthenticationController:
+        tags: [controller.service_arguments]
 
 security:
+    encoders:
+        Symfony\Component\Security\Core\User\User: plaintext
+
+    providers:
+        in_memory:
+            memory:
+                users:
+                    Jane: { password: test, roles: [ROLE_USER] }
+
     firewalls:
         secure:
             pattern: ^/

src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/Guarded/routing.yml

@@ -3,3 +3,12 @@ main:
     defaults:
         _controller: Symfony\Bundle\FrameworkBundle\Controller\RedirectController::urlRedirectAction
         path: /app
+profile:
+    path: /profile
+    defaults:
+        _controller: Symfony\Bundle\SecurityBundle\Tests\Functional\Bundle\GuardedBundle\AuthenticationController::profileAction
+
+manual_login:
+    path: /manual_login
+    defaults:
+        _controller: Symfony\Bundle\SecurityBundle\Tests\Functional\Bundle\GuardedBundle\AuthenticationController::manualLoginAction

src/Symfony/Component/Security/Guard/GuardAuthenticatorHandler.php

@@ -62,6 +62,8 @@ public function __construct(TokenStorageInterface $tokenStorage, EventDispatcher
     public function authenticateWithToken(TokenInterface $token, Request $request, string $providerKey = null)
     {
         $this->migrateSession($request, $token, $providerKey);
+        // force incrementing the internal session usage index
+        $this->tokenStorage->getToken();
         $this->tokenStorage->setToken($token);
 
         if (null !== $this->dispatcher) {