RememberMeServicesInterface
in
Interface that needs to be implemented by classes which provide remember-me capabilities.
We provide two implementations out-of-the-box:
- TokenBasedRememberMeServices (does not require a TokenProvider)
- PersistentTokenBasedRememberMeServices (requires a TokenProvider)
Tags
Table of Contents
- COOKIE_ATTR_NAME = '_security_remember_me_cookie'
- This attribute name can be used by the implementation if it needs to set a cookie on the Request when there is no actual Response, yet.
- autoLogin() : TokenInterface|null
- This method will be called whenever the TokenStorage does not contain a TokenInterface object and the framework wishes to provide an implementation with an opportunity to authenticate the request using remember-me capabilities.
- loginFail() : mixed
- Called whenever an interactive authentication attempt was made, but the credentials supplied by the user were missing or otherwise invalid.
- loginSuccess() : mixed
- Called whenever an interactive authentication attempt is successful (e.g. a form login).
Constants
COOKIE_ATTR_NAME
This attribute name can be used by the implementation if it needs to set a cookie on the Request when there is no actual Response, yet.
public
mixed
COOKIE_ATTR_NAME
= '_security_remember_me_cookie'
Methods
autoLogin()
This method will be called whenever the TokenStorage does not contain a TokenInterface object and the framework wishes to provide an implementation with an opportunity to authenticate the request using remember-me capabilities.
public
autoLogin(Request $request) : TokenInterface|null
No attempt whatsoever is made to determine whether the browser has requested remember-me services or presented a valid cookie. Any and all such determinations are left to the implementation of this method.
If a browser has presented an unauthorised cookie for whatever reason, make sure to throw an AuthenticationException as this will consequentially result in a call to loginFail() and therefore an invalidation of the cookie.
Parameters
- $request : Request
Return values
TokenInterface|null —loginFail()
Called whenever an interactive authentication attempt was made, but the credentials supplied by the user were missing or otherwise invalid.
public
loginFail(Request $request[, Exception $exception = null ]) : mixed
This method needs to take care of invalidating the cookie.
Parameters
- $request : Request
- $exception : Exception = null
Return values
mixed —loginSuccess()
Called whenever an interactive authentication attempt is successful (e.g. a form login).
public
loginSuccess(Request $request, Response $response, TokenInterface $token) : mixed
An implementation may always set a remember-me cookie in the Response, although this is not recommended.
Instead, implementations should typically look for a request parameter (such as an HTTP POST parameter) that indicates the browser has explicitly requested for the authentication to be remembered.
Parameters
- $request : Request
- $response : Response
- $token : TokenInterface