CodeIgniter Forums

Full Version: How does Ion Auth (or other auth libraries) handle "remember me" and codeigniter sessions?
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

El Forum

I am brand new to codeigniter and frameworks in general, and am wondering how Ion Auth handles sessions.

If I save the user's information to a session using Ion's built-in user() function to get their details, will the session variables be available for only 2 hours (the default session time), or will they automatically be renewed if the "remember me" function is enabled? To be more specific, I would do this to get the info:

$this->session->userdata[] = $this->ion_auth->user()->row();

So how does Ion Auth handle sessions? What do I need to know about the "remember me" feature? Unfortunately, the documentation for Ion Auth doesn't explain anything concerning this.

And lastly, would this be the proper method to use the user data in a Model? I need to make MySQL queries using the user_id in the WHERE clause, of course. Surely I shouldn't be passing this information to the model from the controller every time?

Thank you for your assistance.

El Forum

In my experienced I was tired digging the IonAuth codes.
And Ben always modified that codes and he intentionally put bugs to that IonAuth.
So I decided to create my own.

Back to topic, Haven't you dug the library or the models.
I think there is a method that handles that.
If you don't understand the method better create your own remember-me method.

El Forum

I haven't dug into the IonAuth library either (created my own for learning CI) but if it implemented a remember_me function correctly it has nothing to do with a session but rather with a cookie. So whenever the session runs out (and is not renewed by CI's session library) IonAuth looks for a "remember_me" cookie to log the user back in. This "remember_me" cookie however will be invalid after some time as well, so that the user cannot be logged in years later.

Hope this kinda answered your question !?

El Forum

Thanks for the answers! I too just found how it works. As PhilTem said, it looks for the cookie if the user is not logged in. If the cookie is there, it logs back in. Therefore, I'll be safe if I save the user variables into the session.

Since both of you didn't mention anything about accessing the user vars in Models, I am assuming I'm doing it the right way. If accessing user variables in Models via session variables is not the right way, I'd appreciate some guidance on a better way.


El Forum

Regarding your second question: I don't know the answer, but IonAuth should have a method to retrieve user-data like the user-id for you not needing to get it from the session directly. That's why one would want to use a library so that you keep code DRY and that the actual way of storing data is "invisible" (i.e. not known) to other models, libraries, ...