reads auth_token cookie (constant COOKIE_NAME for cross-layer
sharing with the AuthController). missing/empty cookie or
unknown token -> 401 json {error: unauthenticated}. expired
session is deleted then 401 returned. valid session attaches
the User entity to request attributes under 'user' so
downstream controllers can read it via request attributes. 37
tests pass.
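
The checks this commit message describes, as an added framework-free Python sketch that is not the commit's own code. `Session`, `SessionStore`, `authenticate` and `whoami` are hypothetical names; the in-memory store and the `<=` expiry comparison are assumptions.

```python
import secrets
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

COOKIE_NAME = "auth_token"  # one constant shared by the layer that sets the cookie and the one that reads it
UNAUTHENTICATED = (401, {"error": "unauthenticated"})  # identical body for every failure case

@dataclass
class Session:
    user: str             # stands in for the User entity
    expires_at: datetime

class SessionStore:
    """In-memory stand-in for the session repository (assumed interface)."""
    def __init__(self):
        self._by_token = {}

    def create(self, user, ttl, now):
        token = secrets.token_urlsafe(32)  # unguessable random token
        self._by_token[token] = Session(user, now + ttl)
        return token

    def find(self, token):
        return self._by_token.get(token)

    def delete(self, token):
        self._by_token.pop(token, None)

def authenticate(cookies, attributes, store, now, next_handler):
    """Return (status, body); call next_handler only for a live session."""
    token = cookies.get(COOKIE_NAME) or ""
    if not token:                      # missing or empty cookie
        return UNAUTHENTICATED
    session = store.find(token)
    if session is None:                # unknown token
        return UNAUTHENTICATED
    if session.expires_at <= now:      # expired: delete the record, then reject
        store.delete(token)
        return UNAUTHENTICATED
    attributes["user"] = session.user  # downstream handlers read the user from here
    return next_handler(attributes)

def whoami(attributes):
    """Constructed downstream handler that relies on the attached user."""
    return (200, {"user": attributes["user"]})
```

Returning the same 401 body for missing, unknown and expired tokens keeps the response from revealing which of the three checks failed.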
| Name |
|---|
| Auth |
| Exceptions |
| Http/Middleware |
| Providers |
| Shared/ValueObject |
| User |