/**
 * Restores the authenticated user from session data, then hands the
 * request on to the next callable.
 *
 * Reads "security._user" and "security._logintoken" from the session. When
 * both are present, the user provider is asked to refresh the user and the
 * result is stored on $this->user. When the user id is present but the login
 * token is missing, the "security._user" entry is removed from the session.
 *
 * Every path ends in $next($request, $response): this method only populates
 * $this->user and never rejects a request itself, so access control has to
 * be enforced by whatever inspects $this->user afterwards.
 *
 * @param ServerRequestInterface $request
 * @param ResponseInterface $response
 * @param callable $next invoked with ($request, $response) on every path
 * @return ResponseInterface whatever $next returns
 */
public function authenticateSession(ServerRequestInterface $request, ResponseInterface $response, callable $next)
{
    $sessionUserId = $this->session->get("security._user");

    if ($sessionUserId !== null) {
        $sessionLoginToken = $this->session->get("security._logintoken");

        if ($sessionLoginToken !== null) {
            // NOTE(review): the result of refreshUser() is stored unchecked. How it
            // signals a stale or mismatched login token (null, exception, ...) is not
            // visible here; confirm that a failed refresh cannot leave a usable
            // $this->user, and decide whether the session keys should be cleared then.
            $this->user = $this->userProvider->refreshUser((string) $sessionUserId, $sessionLoginToken);
        } else {
            // A user id without its login token is treated as an incomplete login:
            // drop the id so the session no longer names a user.
            $this->session->delete("security._user");
        }
    }

    return $next($request, $response);
}