Stateless User Impersonation
In this short series we are investigating a new feature in Symfony 3.4: 'stateless user impersonation'.
The gist of this feature is to let privileged users - typically site admins - behave as though they were really a different user.
This is a particularly useful ability when managing almost any site.
It's fairly common for site users to email in with problems affecting only their user profile. Maybe they are unsure how to add some essential details, or they see a particular error page that no other site users are reporting.
In these instances, being able to switch from your logged-in admin credentials and 'trick' Symfony into thinking you are a different user is very useful, particularly as you do not need to know the user's password in order to impersonate them.
This feature is already available inside Symfony. In fact, there's already a video explaining how to do this right here on CodeReviewVideos.com.
So, what's the difference here?
Well, these videos are all about impersonating users when using stateless authentication.
If you're working with a JSON API, and you are using JWT / JSON Web Tokens for example, the existing approach detailed above won't work for you. There is at least one third-party bundle that provides this feature, but as of Symfony 3.4 we're getting this functionality built right into the framework.
And that's what we're going to cover here.
It's features like this that make me love Symfony more and more.