avoid fatal error on invalid sessionv2.0.17

1 files changed, 15 insertions, 8 deletions

diff --git a/Http/Firewall/ContextListener.php b/Http/Firewall/ContextListener.php
index 52dea56..1ef5995 100644
--- a/Http/Firewall/ContextListener.php
+++ b/Http/Firewall/ContextListener.php
@@ -66,19 +66,26 @@ class ContextListener implements ListenerInterface
 
         if (null === $session || null === $token = $session->get('_security_'.$this->contextKey)) {
             $this->context->setToken(null);
-        } else {
-            if (null !== $this->logger) {
-                $this->logger->debug('Read SecurityContext from the session');
-            }
+            return;
+        }
 
-            $token = unserialize($token);
+        $token = unserialize($token);
 
-            if (null !== $token) {
-                $token = $this->refreshUser($token);
+        if (null !== $this->logger) {
+            $this->logger->debug('Read SecurityContext from the session');
+        }
+
+        if ($token instanceof TokenInterface) {
+            $token = $this->refreshUser($token);
+        } elseif (null !== $token) {
+            if (null !== $this->logger) {
+                $this->logger->warn(sprintf('Session includes a "%s" where a security token is expected', is_object($value) ? get_class($value) : gettype($value)));
             }
 
-            $this->context->setToken($token);
+            $token = null;
         }
+
+        $this->context->setToken($token);
     }
 
     /**