class TokenBasedRememberMeServices extends AbstractRememberMeServices
Concrete implementation of the RememberMeServicesInterface providing remember-me capabilities without requiring a TokenProvider.
Constants
| COOKIE_DELIMITER |
|
Methods
|
__construct(array $userProviders, string $key, string $providerKey, array $options = array(), LoggerInterface $logger = null)
Constructor |
from AbstractRememberMeServices | |
| string |
getRememberMeParameter()
Returns the parameter that is used for checking whether remember-me services have been requested. |
from AbstractRememberMeServices |
| getKey() | from AbstractRememberMeServices | |
| TokenInterface|null |
autoLogin(Request $request)
This method will be called whenever the SecurityContext does not contain an TokenInterface object and the framework wishes to provide an implementation with an opportunity to authenticate the request using remember-me capabilities. |
from AbstractRememberMeServices |
|
logout(Request $request, Response $response, TokenInterface $token)
This method is called by the LogoutListener when a user has requested to be logged out. |
from AbstractRememberMeServices | |
|
loginFail(Request $request)
Called whenever an interactive authentication attempt was made, but the credentials supplied by the user were missing or otherwise invalid. |
from AbstractRememberMeServices | |
|
loginSuccess(Request $request, Response $response, TokenInterface $token)
Called whenever an interactive authentication attempt is successful (e.g. |
from AbstractRememberMeServices |
Details
in AbstractRememberMeServices at line 53
public
__construct(array $userProviders, string $key, string $providerKey, array $options = array(), LoggerInterface $logger = null)
Constructor
in AbstractRememberMeServices at line 78
public string
getRememberMeParameter()
Returns the parameter that is used for checking whether remember-me services have been requested.
in AbstractRememberMeServices at line 83
public
getKey()
in AbstractRememberMeServices at line 98
final public TokenInterface|null
autoLogin(Request $request)
This method will be called whenever the SecurityContext does not contain an TokenInterface object and the framework wishes to provide an implementation with an opportunity to authenticate the request using remember-me capabilities.
No attempt whatsoever is made to determine whether the browser has requested
remember-me services or presented a valid cookie. Any and all such determinations
are left to the implementation of this method.
If a browser has presented an unauthorised cookie for whatever reason,
make sure to throw an AuthenticationException as this will consequentially
result in a call to loginFail() and therefore an invalidation of the cookie.
in AbstractRememberMeServices at line 152
public
logout(Request $request, Response $response, TokenInterface $token)
This method is called by the LogoutListener when a user has requested to be logged out.
Usually, you would unset session variables, or remove
cookies, etc.
in AbstractRememberMeServices at line 163
final public
loginFail(Request $request)
Called whenever an interactive authentication attempt was made, but the credentials supplied by the user were missing or otherwise invalid.
This method needs to take care of invalidating the cookie.
in AbstractRememberMeServices at line 177
final public
loginSuccess(Request $request, Response $response, TokenInterface $token)
Called whenever an interactive authentication attempt is successful (e.g.
a form login).
An implementation may always set a remember-me cookie in the Response,
although this is not recommended.
Instead, implementations should typically look for a request parameter
(such as a HTTP POST parameter) that indicates the browser has explicitly
requested for the authentication to be remembered.