Auth is responsible for managing session state for each configuration, and exposes a set of
methods which adapters can implement: set(), check() and clear(). You can read more about
each method below. Beyond these methods, Auth makes very few assumptions about how your
application authenticates users. Each adapter accepts a set of credentials, and returns an array
of user information on success, and false on failure. On successful authentication attempts,
the data returned from the credential check is written to the session, which is automatically
accessed on subsequent checks (though manual re-checking can be forced on a per-instance basis).
To be secure by default (and if you don't override it), a password field is never stored in
the session adapter. This prevents a password hash from being leaked, for example in a
cookie. You can also be very specific about what you want to store in the session:
    Auth::config(array(
        'default' => array(
            'session' => array(
                'persist' => array('username', 'email')
            )
        )
    ));
You can also pass an optional persist parameter to the check() method to override this default.
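The following is an added example, not Lithium's own code: it models the session filtering described above so you can see which fields reach the session under the default, under a persist list, and under an override that names the password field. The helpers sessionPayload() and riskyPersistFields(), the field-name patterns, and the user record are all hypothetical and constructed for illustration.

```php
<?php
// Added illustration, not Lithium source: models which fields reach the session.

/**
 * Hypothetical helper. $persist === null models "no persist list configured".
 */
function sessionPayload(array $user, ?array $persist = null): array {
    if ($persist === null) {
        // Default described above: everything except the password field.
        unset($user['password']);
        return $user;
    }
    // Explicit list: only the named fields are kept.
    return array_intersect_key($user, array_flip($persist));
}

/**
 * Hypothetical audit: returns persist entries whose names look like secrets.
 * The name patterns are an assumption; extend them for your own schema.
 */
function riskyPersistFields(array $persist): array {
    return array_values(preg_grep('/pass|hash|secret|token|salt/i', $persist));
}

// Constructed sample record, as an adapter might return it on success.
$user = array(
    'id' => 7,
    'username' => 'alice',
    'email' => 'alice@example.com',
    'password' => '$2y$10$constructedSampleHashValueOnly',
    'reset_token' => 'constructed-sample-token',
);

$cases = array(
    'default (no persist list)' => null,
    'persist username, email' => array('username', 'email'),
    'persist overridden with password' => array('username', 'password'),
);

foreach ($cases as $label => $persist) {
    $stored = implode(', ', array_keys(sessionPayload($user, $persist)));
    $flags = $persist === null ? array() : riskyPersistFields($persist);
    printf("%-34s stores: %-42s flagged: %s\n", $label, $stored, implode(', ', $flags) ?: '-');
}
```

In this model the default strips only the password field, so other sensitive columns such as the constructed reset_token still reach the session; an explicit persist list is the tighter setting, provided the list itself is reviewed for secret-bearing fields.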
For additional information on configuring and working with Auth, see the Form adapter.