====== Accesstoken class ======
The accesstoken is used to handle access to instances and is an easy way to handle security.
A session using an accesstoken can be established like:
// Generate the object.
$token = new Accesstoken();
// Generate an unique token code within the object.
$token->generateTokenCode();
// Select when the token expires
$timestamp = new Timestamp('now');
// We expire it in ten minutes.
$accesstoken->expire_date = $timestamp->add(10*60);
// Save it for later reference.
$token->save();
// Write the token code to the session
$token->setSession();
This is boiled into a number of methods.
$token = Accesstoken::acquireAnonymous(60*60);
The code above acquires an access token which isn't associated with any user, and lasts for one hour.
To associate an access token with a user, this is done like:
$user = new User();
$user->loadForRead($some_user_id)
$token = Accesstoken::acquire($user);
To check for a valid access token, do one of the following:
if (! Accesstoken::validateSession()) die('You aren\'t logged in, or your login expired');
Accesstoken::validateSession('/url-to-not-logged-in');
// The options below will cause a successful validation to make the session valid for ten more minutes.
Accesstoken::validateSession('/url-to-not-logged-in', true, 600);
If you make a check like above and redirect the user to a login-page, you can afterwards call the ''resumeLocation()''-function to return the user to the place where the check failed.
===== Logout =====
Logout can be performed like:
Accesstoken::destroySession();
This will destroy the entire PHP $_SESSION variable. To only destroy the Platform login session information, pass //false// to the function.