| User login and session data [how to ?] |
[eluser]PorkOne[/eluser]
Hi I know that this topic is coming back very often, but I didn't found clear answer for my question. How to keep (secure) user's data after login without any additional libraries, using only standard CI components? The first thing is to keep session in the database and encrypt cookie. I did it and I have created table 'sessions' where all session's data are stored. But... new session automatically starts every time user open my page and this information is stored in the database, but there is no place for user's custom data, such as login, name and any other. Maybe I don't understand how this should work... Is it possible to start session only for users who can log-in into my page (not for all)? Can anyone try to explain me what should I do to keep (in secure way) user's data? I'm hope it's enough clear... and sorry for my english  Thanks
[eluser]nirbhab[/eluser]
Hi porkone, The easiest way to authenticate users is to: 1. create a form asking for username and password. 2. check that username and password from database. 3. after correct username and password from the user, create your own session or extend CI's session. 4. check for newly created session on every controller or method, where you want users to be authenticated before use. but, if you are looking forward to CI, to this task than forget it, as it is a framework, which help us to develop, not to edit a preformed application like joomla or drupal. note: ignore if you already know all, that i told.....
[eluser]PorkOne[/eluser]
Thanks for reply. Yep, I know that this is framework "only" and I know what I can do with it  What do you mean 'extend CI session'? Could you write some more details (extend CI's session calss, plugin, helper) ? Is it enough to use standard CI's session and hold standard session data (ip, user agent, last activity and id) in the database and custom data on client site (using set_userdata) ? What to check to authenticate logged-in user? Is it enough to check session_id exist in session's table? Thanks
[eluser]nirbhab[/eluser]
Please have a look on the url, It would be use full in understanding CI's sessions. CI-UserGuide SESSIONs
[eluser]webthink[/eluser]
Quote:But… new session automatically starts every time user open my page and this information is stored in the database, but there is no place for user’s custom data, such as login, name and any other. Maybe I don’t understand how this should work… No you are right. The session user data is still stored in the cookie. Have a look at NGSession a drop in replacement for CI's session class. This will allow you to store the userdata in the db. A far more secure solution.
[eluser]ch5i[/eluser]
... or use Native Session, which uses PHP's native sessions -> user data is stored server side, only session id is in user cookie. |
| Welcome Guest, Not a member yet? Register Sign In |
