First I'd like to thank you for flexi_auth. I use it much, and I think it is great.
I have found a #bug in one of your classes. Let me explain my problem first:
I have setup a Codeigniter with 2 applications (Frontend & Backend), but they use they same core.
My problem was:
1. I log in to the backend
2. When I log to the frontend from the same computer / browser I get logged out from the backend app.
After reading your code I have see that 'login_session_token' gets overwriten. So I determined it was my mistake. I should have setup different values for frontend for:
$config['cookies']['login_session_token'] = 'login_session_token';
$config['sessions']['login_session_token'] = 'login_session_token';
Whcih I did.... but It didn't work again.
I have spend some time debugging your code and I have found a mistake:
in file: flexi_auth_lite_model.php
on line: 370
you use: if (get_cookie('login_session_token') != $hash_session_token)
which is not correct. It should pull the data from config like:
if (get_cookie($this->auth->session_name['login_session_token']) != $hash_session_token)
I hope I was able to help and contribute one small % to your great work.