db() ->select("_api.verify_jwt(?) AS user_id;") ->row($jwt); // invalid JWT if (!$result) return NULL; // load user inside session $user_id = $result['user_id']; $user = $this->db() ->select('*') ->from('api.user') ->where('id') ->eq($user_id) ->row(); // valid JWT, but invalid user if (!$user) return NULL; // return session self::$session = array_merge( $user, array('jwt' => $jwt)); return self::$session; } }