Session Authenticator
The Session authenticator stores the user's authentication within the user's session, and on a secure cookie on their device. This is the standard password-based login used in most web sites. It supports a secure remember-me feature, and more. This can also be used to handle authentication for single page applications (SPAs).
Method References
attempt()
When a user attempts to login with their email and password, you would call the attempt() method
on the auth class, passing in their credentials.
$credentials = [
'email' => $this->request->getPost('email'),
'password' => $this->request->getPost('password')
];
$loginAttempt = auth()->attempt($credentials);
if (! $loginAttempt->isOK()) {
return redirect()->back()->with('error', $loginAttempt->reason());
}Upon a successful attempt(), the user is logged in. The Response object returned will provide
the user that was logged in as extraInfo().
$result = auth()->attempt($credentials);
if ($result->isOK()) {
$user = $result->extraInfo();
}If the attempt fails a failedLogin event is triggered with the credentials array as
the only parameter. Whether or not they pass, a login attempt is recorded in the auth_logins table.
If allowRemembering is true in the Auth config file, you can tell the Session authenticator
to set a secure remember-me cookie.
$loginAttempt = auth()->remember()->attempt($credentials);check()
If you would like to check a user's credentials without logging them in, you can use the check()
method.
$credentials = [
'email' => $this->request->getPost('email'),
'password' => $this->request->getPost('password')
];
$validCreds = auth()->check($credentials);
if (! $validCreds->isOK()) {
return redirect()->back()->with('error', $validCreds->reason());
}The Result instance returned contains the valid user as extraInfo().
loggedIn()
You can determine if a user is currently logged in with the aptly titled method, loggedIn().
if (auth()->loggedIn()) {
// Do something.
}logout()
You can call the logout() method to log the user out of the current session. This will destroy and
regenerate the current session, purge any remember-me tokens current for this user, and trigger a
logout event.
auth()->logout();forget()
The forget method will purge all remember-me tokens for the current user, making it so they
will not be remembered on the next visit to the site.
Events and Logging
The following is a list of Events and Logging for Session Authenticator.
Register
- Default Register
- Post email/username/password
- OK → event
registerandlogin - NG → no event
- OK → event
- Post email/username/password
- Register with Email Activation
- Post email/username/password
- OK → event
register - NG → no event
- OK → event
- Post token
- OK → event
login - NG → no event
- OK → event
- Post email/username/password
Login
- Default Login
- Post email/password
- OK → event
login/ tableauth_logins - NG → event
failedLogin/ tableauth_logins
- OK → event
- Post email/password
- Email2FA Login
- Post email/password
- OK → no event / table
auth_logins - NG → event
failedLogin/ tableauth_logins
- OK → no event / table
- Post token
- OK → event
login - NG → no event
- OK → event
- Post email/password
- Remember-me
- Send remember-me cookie w/o session cookie
- OK → no event
- NG → no event
- Send remember-me cookie w/o session cookie
- Magic-link
- Post email
- OK → no event
- NG → no event
- Send request with token
- OK → event
loginandmagicLogin/ tableauth_logins - NG → event
failedLogin/ tableauth_logins
- OK → event
- Post email