public static method

Performs an authentication check against the specified configuration, and writes the resulting user information to the session such that credentials are not required for subsequent authentication checks, and user information is returned directly from the session.


  • string $name

    The name of the Auth configuration/adapter to check against.

  • mixed $credentials

    A container for the authentication credentials used in this check. This will vary by adapter, but generally will be an object or array containing a user name and password. In the case of the Form adapter, it contains a Request object containing POST data with user login information.

  • array $options

    Additional options used when performing the authentication check. The options available will vary by adapter, please consult the documentation for the check() method of the adapter you intend to use. The global options for this method are:

    • 'checkSession' boolean: By default, the session store configured for the adapter will always be queried first, to see if an authentication check has already been performed during the current user session. If yes, then the session data will be returned. By setting 'checkSession' to false, session checks are bypassed and the credentials provided are always checked against the adapter directly.
    • 'writeSession' boolean: Upon a successful credentials check, the returned user information is, by default, written to the session. Set this to false to disable session writing for this authentication check.
    • 'persist' array: A list of fields that should be stored in the session. If no list is provided will store all fields in the session except the 'password' field.



After a successful credential check against the adapter (or a successful lookup against the current session), returns an array of user information from the storage backend used by the configured adapter.


This method can be filtered.


	public static function check($name, $credentials = null, array $options = []) {
		$config = static::config($name);

		$defaults = [
			'checkSession' => true,
			'writeSession' => true,
			'persist' => isset($config['session']['persist']) ? $config['session']['persist'] : static::_config('persist')

		$options += $defaults;
		$params = compact('name', 'credentials', 'options');

		return Filters::run(get_called_class(), __FUNCTION__, $params, function($params) {
			$config = static::_config($name);

			if ($config === null) {
				throw new ConfigException("Configuration `{$name}` has not been defined.");
			$session = $config['session'];

			if ($options['checkSession']) {
				if ($data = $session['class']::read($session['key'], $session['options'])) {
					return $data;

			if (($credentials) && $data = static::adapter($name)->check($credentials, $options)) {
				if ($options['persist'] && is_array($data)) {
					$data = array_intersect_key($data, array_fill_keys($options['persist'], true));
				} elseif (is_array($data)) {
				return ($options['writeSession']) ? static::set($name, $data) : $data;
			return false;