The accesstoken is used to handle access to instances and is an easy way to handle security.

A session using an accesstoken can be established like:

// Generate the object.
$token = new Accesstoken();
// Generate an unique token code within the object.
$token->generateTokenCode();
// Select when the token expires
$timestamp = new Timestamp('now');
// We expire it in ten minutes.
$accesstoken->expire_date = $timestamp->add(10*60);
// Save it for later reference.
$token->save();
// Write the token code to the session
$token->setSession();
// Redirect the user back to where she tried to enter
Accesstoken::resumeLocation();

It is typically associated with a user, which can be done easily like:

$user = new User();
$user->loadForRead($some_user_id)
$token = Accesstoken::acquire($user);

To check if a user is allowed one can simply do one of the following:

if (! Accesstoken::validateSession()) die('You aren\'t logged in, or your login expired');
 
Accesstoken::validateSession('/url-to-not-logged-in');
 
// The options below will cause a successful validation to make the session valid for ten more minutes.
Accesstoken::validateSession('/url-to-not-logged-in', true, 3600);

Logout can be performed like:

Accesstoken::destroySession();

This will destroy the entire PHP $_SESSION variable. To only destroy the Platform login session information, pass false to the function.