public method

Read strategy method.

Validates the HMAC signature of the stored data. If the signatures match, then the data is safe and will be passed through as-is.

If the stored data being read does not contain a __signature field, a MissingSignatureException is thrown. When catching this exception, you may choose to handle it by either writing out a signature (e.g. in cases where you know that no pre-existing signature may exist), or you can blackhole it as a possible tampering attempt.


  • array $data

    The data being read.

  • array $options

    Options for this method.



Validated data.


	public function read($data, array $options = []) {
		if ($data === null) {
			return $data;
		$class = $options['class'];

		$currentData = $class::read(null, ['strategies' => false]);

		if (!isset($currentData['__signature'])) {
			throw new MissingSignatureException('HMAC signature not found.');
		if (Hash::compare($currentData['__signature'], static::_signature($currentData))) {
			return $data;
		throw new RuntimeException('Possible data tampering: HMAC signature does not match data.');