I’m working on this project in Codeigniter and i created login and register script but I don’t know how to validate user on every page.
When user logs in what data to store in session (Ci session user_data), so i can compare it to database on every page to se if the session is valid?
I’m using codeigniter’s session class and I’m storing the values automatically in the database. Please help me I’m stuck here…
My session is handled like this :
1. When ever any user reaches my webpage he gets unique hashed (md5) session id that is checked when ever a page is loaded. If it exists do nothing if it doesn’t generate a new one. It changes every 5 minutes.
2. When user logs in what data to pass to so i can compare it to the database later on ( on every page load)
I don’t know if storing only the ‘is_logged’ = 1 cookie is safe. I want to check cookies on every server request.
Upon succesful login, you create a
You can then make an auth library, or a model method, whatever suits you that just checks if this session data exists.
if FALSE, user is not logged, if TRUE it is. You can call this function on every controller’s method you need to place behind authentication, or in controllr’s constructor if you need it for all methods (ex. an admin panel)
have a look, for ex., on how Ion Auth, one of the mainstream Auth Libraries in CI, handles the thing (uses the logged_in() method which does the same as in my example code. Keep in mind that sessions are encrypted, and if stored in database security is even higher);
https://github.com/benedmunds/CodeIgniter-Ion-Auth/blob/2/libraries/Ion_auth.php