simkimsia/InvalidAuthenticationException.php

## InvalidAuthenticationException.php
<?php
namespace App\Exception;

use Cake\Core\Exception\Exception;

class InvalidAuthenticationException extends Exception
{};

## SessionsController.php
<?php
namespace App\Controller\Api;

use App\Controller\AppController;
use Cake\Event\Event;
use App\Exception\InvalidAuthenticationException;
use Cake\Core\Exception\UnauthorizedException;
/**
 * Sessions Controller
 *
 * @property \App\Model\Table\SessionsTable $Sessions
 */
class SessionsController extends AppController
{

    public function beforeFilter(Event $event) {
        parent::beforeFilter($event);
    }

    /**
     * Session add method representing user authentication
     *
     * @return void Redirects on successful , renders view otherwise.
     */
    public function add()
    {
        if ($this->request->is('get')) {
            $user = $this->Auth->user();
            if ($user) {
                $this->set('data', $user);
            }
        }

        // requires username/email, password,
        // and preferably redirect
        if ($this->request->is('post')) {
            $user = $this->Auth->identify();
            if ($user) {
                $this->Auth->setUser($user);
                $this->set('data', $user);
                $this->set('_serialize', ['data']);
                return;
            }
            $this->set('error',[
                'type' => 'Invalid authentication',
                'code' => 'INVALID_AUTH',
                'http_code' => 422,
                'message' => 'Invalid email or password, try again',
            ]);
            $this->set('_serialize', ['error']);
            throw new InvalidAuthenticationException('asd', 422);
        }
    }

    public function delete()
    {
        // priority to $_REQUEST['redirect']
        $explicitRedirectAfterLogout = $_REQUEST['redirect'];

        // followed by app default redirect
        $defaultRedirect = $this->Auth->logout();

        $redirect = empty($explicitRedirectAfterLogout) ? $defaultRedirect : $explicitRedirectAfterLogout;

        return $this->redirect($redirect);
    }

}
	<?php
	namespace App\Exception;

	use Cake\Core\Exception\Exception;

	class InvalidAuthenticationException extends Exception
	{};
	<?php
	namespace App\Controller\Api;

	use App\Controller\AppController;
	use Cake\Event\Event;
	use App\Exception\InvalidAuthenticationException;
	use Cake\Core\Exception\UnauthorizedException;
	/**
	* Sessions Controller
	*
	* @property \App\Model\Table\SessionsTable $Sessions
	*/
	class SessionsController extends AppController
	{

	public function beforeFilter(Event $event) {
	parent::beforeFilter($event);
	}

	/**
	* Session add method representing user authentication
	*
	* @return void Redirects on successful , renders view otherwise.
	*/
	public function add()
	{
	if ($this->request->is('get')) {
	$user = $this->Auth->user();
	if ($user) {
	$this->set('data', $user);
	}
	}

	// requires username/email, password,
	// and preferably redirect
	if ($this->request->is('post')) {
	$user = $this->Auth->identify();
	if ($user) {
	$this->Auth->setUser($user);
	$this->set('data', $user);
	$this->set('_serialize', ['data']);
	return;
	}
	$this->set('error',[
	'type' => 'Invalid authentication',
	'code' => 'INVALID_AUTH',
	'http_code' => 422,
	'message' => 'Invalid email or password, try again',
	]);
	$this->set('_serialize', ['error']);
	throw new InvalidAuthenticationException('asd', 422);
	}
	}

	public function delete()
	{
	// priority to $_REQUEST['redirect']
	$explicitRedirectAfterLogout = $_REQUEST['redirect'];

	// followed by app default redirect
	$defaultRedirect = $this->Auth->logout();

	$redirect = empty($explicitRedirectAfterLogout) ? $defaultRedirect : $explicitRedirectAfterLogout;

	return $this->redirect($redirect);
	}

	}