TokenInterface autoLogin(Request $request)

This method will be called whenever the TokenStorage does not contain a TokenInterface object and the framework wishes to provide an implementation with an opportunity to authenticate the request using remember-me capabilities.

No attempt whatsoever is made to determine whether the browser has requested remember-me services or presented a valid cookie. Any and all such determinations are left to the implementation of this method.

If a browser has presented an unauthorised cookie for whatever reason, make sure to throw an AuthenticationException as this will consequentially result in a call to loginFail() and therefore an invalidation of the cookie.

Parameters

Request

$request

Return Value

TokenInterface

loginFail(Request $request, Exception $exception = null)

Called whenever an interactive authentication attempt was made, but the credentials supplied by the user were missing or otherwise invalid.

This method needs to take care of invalidating the cookie.

Parameters

Request	$request
Exception	$exception

loginSuccess(Request $request, Response $response, TokenInterface $token)

Called whenever an interactive authentication attempt is successful (e.g. a form login).

An implementation may always set a remember-me cookie in the Response, although this is not recommended.

Instead, implementations should typically look for a request parameter (such as a HTTP POST parameter) that indicates the browser has explicitly requested for the authentication to be remembered.

Parameters

Request	$request
Response	$response
TokenInterface	$token