Merge branch '2.3' into 2.4

* 2.3: (31 commits)
  Fix parent serialization of user object
  [DependencyInjection] fixed typo
  add memcache, memcached, and mongodb extensions to run skipped tests
  [DependencyInjection] Fixed support for backslashes in service ids.
  fix #9356 [Security] Logger should manipulate the user reloaded from provider
  [BrowserKit] fixes #8311 CookieJar is totally ignorant of RFC 6265 edge cases
  [HttpFoundation] fixed constants that do exist in 2.3 (only in 2.4)
  fix 5528 let ArrayNode::normalizeValue respect order of value array provided
  fix #7243 allow 0 as arraynode name
  Fixed issue in BaseDateTimeTransformer when invalid timezone cause Transformation filed exception (closes #9403).
  BinaryFileResponse should also return 416 or 200 on some range-requets
  Do normalization on tag options
  bumped Symfony version to 2.3.9
  updated VERSION for 2.3.8
  update CONTRIBUTORS for 2.3.8
  updated CHANGELOG for 2.3.8
  [Filesystem] Changed the mode for a target file in copy() to be write only.
  [Console] fixed CS
  fixed TableHelper when cell value has new line
  Improved and fixed grammar mistakes. Added pluralized messages
  ...

Conflicts:
	src/Symfony/Component/BrowserKit/Cookie.php
	src/Symfony/Component/HttpKernel/Kernel.php
	src/Symfony/Component/Routing/Matcher/UrlMatcher.php

Author: fabpot

Authentication/Token/AbstractToken.php

@@ -142,7 +142,14 @@ public function eraseCredentials()
      */
     public function serialize()
     {
-        return serialize(array($this->user, $this->authenticated, $this->roles, $this->attributes));
+        return serialize(
+            array(
+                is_object($this->user) ? clone $this->user : $this->user,
+                $this->authenticated,
+                $this->roles,
+                $this->attributes
+            )
+        );
     }
 
     /**

Tests/Authentication/Token/AbstractTokenTest.php

@@ -11,7 +11,9 @@
 
 namespace Symfony\Component\Security\Core\Tests\Authentication\Token;
 
+use Symfony\Component\Security\Core\Authentication\Token\AbstractToken;
 use Symfony\Component\Security\Core\Role\Role;
+use Symfony\Component\Security\Core\Role\SwitchUserRole;
 
 class TestUser
 {
@@ -28,6 +30,31 @@ public function __toString()
     }
 }
 
+class ConcreteToken extends AbstractToken
+{
+    private $credentials = 'credentials_value';
+
+    public function __construct($user, array $roles = array())
+    {
+        parent::__construct($roles);
+
+        $this->setUser($user);
+    }
+
+    public function serialize()
+    {
+        return serialize(array($this->credentials, parent::serialize()));
+    }
+
+    public function unserialize($serialized)
+    {
+        list($this->credentials, $parentStr) = unserialize($serialized);
+        parent::unserialize($parentStr);
+    }
+
+    public function getCredentials() {}
+}
+
 class AbstractTokenTest extends \PHPUnit_Framework_TestCase
 {
     public function testGetUsername()
@@ -71,6 +98,20 @@ public function testSerialize()
         $this->assertEquals($token->getAttributes(), $uToken->getAttributes());
     }
 
+    public function testSerializeParent()
+    {
+        $user = new TestUser('fabien');
+        $token = new ConcreteToken($user, array('ROLE_FOO'));
+
+        $parentToken = new ConcreteToken($user, array(new SwitchUserRole('ROLE_PREVIOUS', $token)));
+        $uToken = unserialize(serialize($parentToken));
+
+        $this->assertEquals(
+            current($parentToken->getRoles())->getSource()->getUser(),
+            current($uToken->getRoles())->getSource()->getUser()
+        );
+    }
+
     /**
      * @covers Symfony\Component\Security\Core\Authentication\Token\AbstractToken::__construct
      */