Cookie
Cookie
Cookie-based auth token transport implementation.
class Cookie implements \Hazaar\Auth\Session\Transport\SessionTransportImplements {@see SessionTransport} by reading auth tokens from incoming request cookies and writing/removing token cookies on outgoing responses through Set-Cookie headers.
The transport supports configurable cookie attributes, including path, domain, secure, HttpOnly, SameSite, and expiration, with per-call option overrides for persist/clear operations.
Properties
options
private array $optionsMethods
__construct
CookieTransport constructor.
public __construct(array $cookieOptions): voidParameters
| Parameter | Type | Description |
|---|---|---|
$cookieOptions | array |
extractToken
Extracts the authentication token from the cookie.
public extractToken(array $options): ?stringRetrieves the value of the cookie specified by $this->cookieName from the $_COOKIE superglobal. Returns the token as a string if the cookie exists, or null if it does not.
Parameters
| Parameter | Type | Description |
|---|---|---|
$options | array |
extractRefreshToken
public extractRefreshToken(array $options): ?stringParameters
| Parameter | Type | Description |
|---|---|---|
$options | array |
persistToken
Persists the authentication token in a cookie with the specified options.
public persistToken(Response $response, ExpiringToken $token, array $options): voidParameters
| Parameter | Type | Description |
|---|---|---|
$response | Response | |
$token | ExpiringToken | the authentication token to be stored in the cookie |
$options | array |
persistRefreshToken
Persists the refresh token in a separate cookie.
public persistRefreshToken(Response $response, ExpiringToken $refreshToken, array $options): voidStores the provided refresh token in a cookie named "{$this->cookieName}-refresh" using the given response object. Cookie options such as path, domain, secure, httponly, samesite, and expires can be customized via the $options parameter.
Parameters
| Parameter | Type | Description |
|---|---|---|
$response | Response | the response object to which the Set-Cookie header will be added |
$refreshToken | ExpiringToken | the refresh token to be stored in the cookie |
$options | array | optional cookie settings to override default options |
clearToken
Clears the authentication token by removing the corresponding cookie.
public clearToken(Response $response, array $options): voidParameters
| Parameter | Type | Description |
|---|---|---|
$response | Response | |
$options | array |
persistenceMode
Returns {@see TransportPersistence::ServerManaged} because cookies are
public persistenceMode(): TransportPersistencewritten via Set-Cookie and replayed by the browser automatically.
Generated by Hazaar API Doc Generator on Tue, 21 Apr 2026 04:00:24 +0000