1 files changed, 38 insertions, 21 deletions

diff --git a/Http/RememberMe/RememberMeServicesInterface.php b/Http/RememberMe/RememberMeServicesInterface.php
index b038a0d..c740d28 100644
--- a/Http/RememberMe/RememberMeServicesInterface.php
+++ b/Http/RememberMe/RememberMeServicesInterface.php
@@ -17,50 +17,67 @@ use Symfony\Component\HttpFoundation\Request;
 /**
  * Interface that needs to be implemented by classes which provide remember-me
  * capabilities.
- * 
+ *
  * We provide two implementations out-of-the-box:
  * - TokenBasedRememberMeServices (does not require a TokenProvider)
  * - PersistentTokenBasedRememberMeServices (requires a TokenProvider)
- * 
+ *
  * @author Johannes M. Schmitt <schmittjoh@gmail.com>
  */
 interface RememberMeServicesInterface
 {
     /**
-     * This method will be called whenever the SecurityContext does not contain 
-     * an TokenInterface object and the framework wishes to provide an implementation 
-     * with an opportunity to authenticate the request using remember-me capabilities. 
-     * 
+     * This attribute name can be used by the implementation if it needs to set
+     * a cookie on the Request when there is no actual Response, yet.
+     *
+     * @var string
+     */
+    const COOKIE_ATTR_NAME = '_security_remember_me_cookie';
+
+    /**
+     * This method will be called whenever the SecurityContext does not contain
+     * an TokenInterface object and the framework wishes to provide an implementation
+     * with an opportunity to authenticate the request using remember-me capabilities.
+     *
      * No attempt whatsoever is made to determine whether the browser has requested
      * remember-me services or presented a valid cookie. Any and all such determinations
-     * are left to the implementation of this method. 
-     * 
+     * are left to the implementation of this method.
+     *
      * If a browser has presented an unauthorised cookie for whatever reason,
-     * make sure to throw an AuthenticationException as this will consequentially 
+     * make sure to throw an AuthenticationException as this will consequentially
      * result in a call to loginFail() and therefore an invalidation of the cookie.
-     * 
+     *
      * @param Request $request
      * @return TokenInterface
      */
     function autoLogin(Request $request);
-    
+
     /**
-     * Called whenever an authentication attempt was made, but the credentials
-     * supplied by the user were missing or otherwise invalid.
-     * 
+     * Called whenever an interactive authentication attempt was made, but the
+     * credentials supplied by the user were missing or otherwise invalid.
+     *
      * This method needs to take care of invalidating the cookie.
+     *
+     * @param Request $request
+     * @return void
      */
-    function loginFail(Request $request, Response $response);
+    function loginFail(Request $request);
 
     /**
-     * Called whenever authentication attempt is successful (e.g. a form login). 
-     * 
-     * An implementation may always set a remember-me cookie in the Response, 
-     * although this is not recommended. 
-     * 
-     * Instead, implementations should typically look for a request parameter 
+     * Called whenever an interactive authentication attempt is successful
+     * (e.g. a form login).
+     *
+     * An implementation may always set a remember-me cookie in the Response,
+     * although this is not recommended.
+     *
+     * Instead, implementations should typically look for a request parameter
      * (such as a HTTP POST parameter) that indicates the browser has explicitly
      * requested for the authentication to be remembered.
+     *
+     * @param Request $request
+     * @param Response $response
+     * @param TokenInterface $token
+     * @return void
      */
     function loginSuccess(Request $request, Response $response, TokenInterface $token);
 }
\ No newline at end of file