/**
  * Creates an active session for a user.
  *
  * @param string  $sid    session ID
  * @param int     $userId
  * @param Request $req
  *
  * @return ActiveSession
  */
 private function createSession($sid, $userId, Request $req)
 {
     $sessionCookie = session_get_cookie_params();
     $expires = time() + $sessionCookie['lifetime'];
     $session = new ActiveSession();
     $session->id = $sid;
     $session->user_id = $userId;
     $session->ip = $req->ip();
     $session->user_agent = $req->agent();
     $session->expires = $expires;
     $session->save();
     return $session;
 }
 /**
  * Step 2 in the forgot password process. Resets the password
  * given a valid token.
  *
  * @param string $token    token
  * @param array  $password new password
  *
  * @throws AuthException when the step cannot be completed.
  *
  * @return bool
  */
 public function forgotStep2($token, array $password)
 {
     $ip = $this->request->ip();
     return $this->getPasswordReset()->step2($token, $password, $ip);
 }