Update file-upload.md

PaddyS · web-flow · commit 8d568342a2e0 · 2025-05-06T22:44:40.000+02:00
Added part about serialization when using a file upload with the User entity, which gets serialized by Symfony for the session.
diff --git a/symfony/file-upload.md b/symfony/file-upload.md
@@ -490,3 +490,66 @@ final class UploadedFileDenormalizer implements DenormalizerInterface
 If you're not using `autowiring` and `autoconfiguring`, don't forget to register the service and tag it as `serializer.normalizer`.
 
 For resolving the file URL, you can use a custom normalizer, like shown in [the previous example](#resolving-the-file-url).
+
+## Uploading Files on Your User Entity
+
+If you’d like to add file-upload support directly to your `User` entity (rather than a dedicated `MediaObject`), there’s one extra “gotcha” you must handle:
+Symfony’s session storage will try to serialize your entire `User` object (including any `File` instance you’ve attached), and `File` is not serializable by default.
+
+To avoid PHP errors like:
+```
+Serialization of 'Symfony\Component\HttpFoundation\File\File' is not allowed
+```
+
+you need to implement both the old `\Serializable` interface **and**, depending on the PHP version, the new `__serialize()` / `__unserialize()` magic methods on your `User`, limiting serialization to just scalar fields (`id`, `email`, `password`, etc.).
+Symfony will then happily keep your `User` in the session while VichUploaderBundle handles the file itself.
+
+```php
+#[Vich\Uploadable]
+#[ORM\Entity]
+#[ApiResource(...)]
+class User implements UserInterface, PasswordAuthenticatedUserInterface, \Serializable
+{
+    private ?Uuid $id;
+    private ?string $email;
+    private ?string $password;
+
+    // …
+
+    //  Legacy Serializable, still used by Symfony SessionStorage
+    public function serialize(): string
+    {
+        return serialize([
+            (string) $this->id,
+            $this->email,
+            $this->password,
+        ]);
+    }
+
+    public function unserialize(string $data): void
+    {
+        list(
+            $this->id,
+            $this->email,
+            $this->password,
+        ) = unserialize($data);
+    }
+
+    // PHP 7.4+ Magic Methods
+    public function __serialize(): array
+    {
+        return [
+            'id' => (string) $this->id,
+            'email' => $this->email,
+            'password' => $this->password,
+        ];
+    }
+
+    public function __unserialize(array $data): void
+    {
+        $this->id = Uuid::fromString($data['id']);
+        $this->email = $data['email'];
+        $this->password = $data['password'];
+    }
+}
+```
