CodeIgniter Forums
[Solved] Expire Session Question - Printable Version

+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Using CodeIgniter (https://forum.codeigniter.com/forum-5.html)
+--- Forum: General Help (https://forum.codeigniter.com/forum-24.html)
+--- Thread: [Solved] Expire Session Question (/thread-69566.html)



[Solved] Expire Session Question - wolfgang1983 - 12-15-2017

When the user first login email or user name correct I set a custom session token

I when I set the token I would only like that token to last for 5 min then unset it self

How can I make sure that after 5min then only that session data will expire and unset.

PHP Code:
$this->load->helper('string');

$token random_string('alnum'16);

$session = array(
 
¬† 'login_token' => $token
);

$this->session->sess_expiration '14400';// expires in 4 hours
$this->session->set_userdata($session);

redirect(base_url('login/pwd/?token=' $token)); 


PHP Code:
<?php defined('BASEPATH') OR exit('No direct script access allowed');

class 
Login extends CI_Controller {

    public function 
__construct() {
        
parent::__construct();
        
$this->load->library('form_validation');
    }

    public function 
index()
    {

        
$data['title'] = 'Admin Login';

        
$data['error_validation'] = '';
        
        
$this->form_validation->set_rules('validation''Username Or Email''required');

        if (
$this->form_validation->run() == false) {

            if (
form_error('validation')) {
                
$data['error_validation'] = form_error('validation''<p class="text-danger">''</p>');
            }

            
$this->load->view('template/common/header'$data);
            
$this->load->view('template/account/login'$data);
            
$this->load->view('template/common/footer');

        } else {

            
$this->load->helper('string');

            
$token random_string('alnum'16);

            
$session = array(
                
'login_token' => $token
            
);

            
$this->session->sess_expiration '14400';// expires in 4 hours
            
$this->session->set_userdata($session);

            
redirect(base_url('login/pwd/?token=' $token));
        }
    }

    public function 
pwd() {

        
$data['title'] = 'Admin Password Verification';

        if (
$this->session->userdata('login_token') !== $this->input->get('token')) {
            if (
$this->session->userdata('login_token')) {
                
$this->session->unset_userdata('login_token');
            }

            
redirect(base_url('/'));
        }

        
$data['error_password'] = '';

        
$this->form_validation->set_rules('password''Password''required|callback_validatepassword');

        if (
$this->form_validation->run() == false) {

            if (
form_error('password')) {
                
$data['error_password'] = form_error('password''<p class="text-danger">''</p>');
            }

            
$this->load->view('template/common/header'$data);
            
$this->load->view('template/account/password'$data);
            
$this->load->view('template/common/footer');

        } else {

            if (
$this->session->userdata('login_token')) {
                
$this->session->unset_userdata('login_token');
            }

            
redirect(base_url('dashboard'));
        }

    }

    public function 
validatepassword() {

    }




RE: Expire Session Question - wolfgang1983 - 12-15-2017

I think I have solved it now


PHP Code:
$this->session->set_tempdata(array('login_token' => $token), NULL300); 

PWD Function 

PHP Code:
if (!$this->session->userdata('login_token') || !$this->session->tempdata('login_token')) {
   
$this->session->unset_userdata('login_token');
   
redirect(base_url('/'));



PHP Code:
<?php defined('BASEPATH') OR exit('No direct script access allowed');

class 
Login extends CI_Controller {

    public function 
__construct() {
        
parent::__construct();
        
$this->load->library('form_validation');
    }

    public function 
index()
    {

        
$data['title'] = 'Admin Login';

        
$data['error_validation'] = '';
        
        
$this->form_validation->set_rules('validation''Username Or Email''required');

        if (
$this->form_validation->run() == false) {

            if (
form_error('validation')) {
                
$data['error_validation'] = form_error('validation''<p class="text-danger">''</p>');
            }

            
$this->load->view('template/common/header'$data);
            
$this->load->view('template/account/login'$data);
            
$this->load->view('template/common/footer');

        } else {

            
$this->load->helper('string');

            
$token random_string('alnum'16);

            
$session = array(
                
'login_token' => $token
            
);

            
$this->session->set_tempdata(array('login_token' => $token), NULL300);

            
$this->session->set_userdata($session);

            
redirect(base_url('login/pwd/?token=' $token));
        }
    }

    public function 
pwd() {

        
$data['title'] = 'Admin Password Verification';

        if (!
$this->session->userdata('login_token') || !$this->session->tempdata('login_token')) {
            
$this->session->unset_userdata('login_token');
            
redirect(base_url('/'));
        }

        if (
$this->session->userdata('login_token') !== $this->input->get('token')) {
            if (
$this->session->userdata('login_token')) {
                
$this->session->unset_userdata('login_token');
            }

            
redirect(base_url('/'));
        }

        
$data['error_password'] = '';

        
$this->form_validation->set_rules('password''Password''required|callback_validatepassword');

        if (
$this->form_validation->run() == false) {

            if (
form_error('password')) {
                
$data['error_password'] = form_error('password''<p class="text-danger">''</p>');
            }

            
$this->load->view('template/common/header'$data);
            
$this->load->view('template/account/password'$data);
            
$this->load->view('template/common/footer');

        } else {

            if (
$this->session->userdata('login_token')) {
                
$this->session->unset_userdata('login_token');
            }

            
redirect(base_url('dashboard'));
        }

    }

    public function 
validatepassword() {

    }




RE: [Solved] Expire Session Question - Narf - 12-20-2017

You solved one problem, but you don't know that you have another one.

random_string() is not random; the manual itself says NOT to use the string helper for anything security-sensitive.