The current situation is that I have two separate applications.
One is the one I called *user_client* and the other is the server.
The user_client is mostly the “mark-up”, HTML stuff. This application will just throw a request to the server and receive a response. That’s all.
On the other hand, the server is a CodeIgniter installation, where its controllers will receive a request thrown by the client, process the data and send back a response.
But I am rather confused about how to validate a user and where to store their sessions.
The problem now is that I have a login form in the user_client, and I set up JavaScript code to do Ajax calls to the server.
Something like:
success : server_path + 'login',
What I have done so far is that I used the data sent by the Ajax call to the server to validate the user and save a session.
Am I doing it right? When I saved a session, it is a session of the server, right? Not the user_client.
And how do I check if the user is logged in? Is it still possible to do the following?
if (isset($_SESSION['whatever']))
What am I missing about sessions? What are my misconceptions about sessions, because I believe there are some.
A session (simplified) is just a way for the server to keep track of one particular user across page requests. CI sessions will keep track of the user by creating a cookie on the client browser that saves a session id – that session id (if set up to) will be saved in the database in the “ci_sessions” (default name) table. All session data will be saved there.
Doing it the way you suggest is fine; just be sure to use a secure connection when you pass the authentication to the server.
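The mechanism described in this answer, as an added example that is not part of the original post and is not CodeIgniter code: a small Node.js model in which the session data lives only on the server and the browser holds nothing but a random id in a cookie. The cookie name `sid`, the `sessions` map standing in for the `ci_sessions` table, and the sample account are assumptions made for illustration.

```javascript
// Added example: in-memory model of server-side sessions (not CodeIgniter's implementation).
const { randomBytes } = require('crypto');

const sessions = new Map();                // stands in for the ci_sessions table
const USERS = { alice: 'correct horse' };  // constructed sample account; real code stores password hashes

// Extract the session id from a Cookie request header; anything malformed yields null.
function sessionIdFrom(cookieHeader) {
  const m = /(?:^|;\s*)sid=([0-9a-f]{64})(?:;|$)/.exec(cookieHeader || '');
  return m ? m[1] : null;
}

// What the server's login endpoint does with the Ajax request: check the
// credentials, create the session on the server, return only the id to the browser.
function login(username, password, cookieHeader) {
  const known = Object.prototype.hasOwnProperty.call(USERS, username);
  if (!known || USERS[username] !== password) {
    return { status: 401, headers: {} };
  }
  const old = sessionIdFrom(cookieHeader);
  if (old) sessions.delete(old);           // issue a fresh id at login (prevents session fixation)
  const sid = randomBytes(32).toString('hex');
  sessions.set(sid, { user: username, created: Date.now() });
  // HttpOnly keeps the id away from page scripts; Secure restricts it to HTTPS.
  return { status: 200, headers: { 'Set-Cookie': `sid=${sid}; HttpOnly; Secure; Path=/` } };
}

// Server-side counterpart of isset($_SESSION['whatever']): the check always
// runs on the server, keyed by the id the browser sends back.
function currentUser(cookieHeader) {
  const sid = sessionIdFrom(cookieHeader);
  const session = sid ? sessions.get(sid) : undefined;
  return session ? session.user : null;
}

// Logging out deletes the server-side record, so the old cookie becomes useless.
function logout(cookieHeader) {
  const sid = sessionIdFrom(cookieHeader);
  if (sid) sessions.delete(sid);
}
```

The client application never sees or stores the session contents; it only needs the browser to send the cookie back on each later request to the server.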