[Security] Expressions: is_fully_authenticated() vs IS_AUTHENTICATED_FULLY

[cristi-contiu]

In the Security / Expressions docs the differences between the is_remember_me() expression function and the IS_AUTHENTICATED_REMEMBERED attribute are clearly explained in the infobox.

They also mention that is_fully_authenticated is "Similar, but not equal to IS_AUTHENTICATED_FULLY, see below." but fail to provide such a distinction. Moreover, the explanation for is_fully_authenticated seems to be very similar the one for IS_AUTHENTICATED_FULLY - maybe I am missing some nuances:

• is_fully_authenticated() :

only returns true if the user has actually logged in during this session (i.e. is full-fledged)

• IS_AUTHENTICATED_FULLY :

Users who are logged in only because of a "remember me cookie" will have IS_AUTHENTICATED_REMEMBERED but will not have IS_AUTHENTICATED_FULLY

If they are identical, we should change the explanation in the Security / Expressions docs to say : "Equal to using IS_AUTHENTICATED_FULLY with the isGranted() function."

If they are not identical, we should explain how are they different.

Thanks!