====== Accesstoken class ====== The accesstoken is used to handle access to instances and is an easy way to handle security. A session using an accesstoken can be established like: // Generate the object. $token = new Accesstoken(); // Generate an unique token code within the object. $token->generateTokenCode(); // Select when the token expires $timestamp = new Timestamp('now'); // We expire it in ten minutes. $accesstoken->expire_date = $timestamp->add(10*60); // Save it for later reference. $token->save(); // Write the token code to the session $token->setSession(); This is boiled into a number of methods. $token = Accesstoken::acquireAnonymous(60*60); The code above acquires an access token which isn't associated with any user, and lasts for one hour. To associate an access token with a user, this is done like: $user = new User(); $user->loadForRead($some_user_id) $token = Accesstoken::acquire($user); To check for a valid access token, do one of the following: if (! Accesstoken::validateSession()) die('You aren\'t logged in, or your login expired'); Accesstoken::validateSession('/url-to-not-logged-in'); // The options below will cause a successful validation to make the session valid for ten more minutes. Accesstoken::validateSession('/url-to-not-logged-in', true, 600); If you make a check like above and redirect the user to a login-page, you can afterwards call the ''resumeLocation()''-function to return the user to the place where the check failed. ===== Logout ===== Logout can be performed like: Accesstoken::destroySession(); This will destroy the entire PHP $_SESSION variable. To only destroy the Platform login session information, pass //false// to the function.