Session quickfix - Printable Version

Session quickfix - Printable Version

+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Archived Discussions (https://forum.codeigniter.com/forumdisplay.php?fid=20)
+--- Forum: Archived Development & Programming (https://forum.codeigniter.com/forumdisplay.php?fid=23)
+--- Thread: Session quickfix (/showthread.php?tid=19771)

Session quickfix - El Forum - 06-18-2009

[eluser]Maglok[/eluser]
I have just inherited a CodeIgniter application that works with sessions. I have read up quickly and am unsure of a piece of code:

Code:
if(strtolower($login[0]['title'][0]) == 'student')

            {

                $this->CI->session->set_userdata(array('student' => true));

            }

            if(strtolower($login[0]['title'][0]) == 'medewerker')

            {

                $this->CI->session->set_userdata(array('medewerker' => true));

            }

            //Destroy old session

            $this->CI->session->sess_destroy();

            //Create a fresh, brand new session

            $this->CI->session->sess_create();

I am wondering if this code uses a set_userdata() then destroys the old session and creates a new one, doesn't the code then just... Set something and delete it before using it?

I am trying to nail a problem with the login here and the session are just a tad bit confusing.

Session quickfix - El Forum - 06-18-2009

[eluser]gtech[/eluser]
That code looks like it does what you suggest and it does look like a bug, as you want to be setting the data after the destroy and create. if you look at the session code in the libraries directory you can see sess_destroy deleting the session from the database and removing the cookie

here is the documentation on what sess_destroy does:

Code:
Destroying a Session

To clear the current session:

$this->session->sess_destroy();

Note: This function should be the last one called, 

and even flash variables will no longer be available. 

If you only want some items destroyed and not all, use unset_userdata().

which also implies the code you have is a bit odd.

I have read in some posts that sess_destroy does delete the db but not the cache as data can still be echoed. [url="http://ellislab.com/forums/viewthread/94981/"]http://ellislab.com/forums/viewthread/94981/[/url] don't know if this has been fixed.

But looking at the session code; Even if the destroy session does not work the sess_create() function should overwrite the array as a new one is created.

Session quickfix - El Forum - 06-19-2009

[eluser]Maglok[/eluser]
That is what I figured, but I had indeed read about the session class acting odd. So basically the top if's are obsolete. Thanks.