All session info from cookie to database

[eluser]Thorpe Obazee[/eluser]
everything will be passed to the database. I *think* the session_id is stored in the database for verification purposes. In the end, you'll have 1 cookie copy and one database copy of your session which I think is best when verifying validity of the cookie copy.

Option 2
If you don't like that option and really really really really really really really really really really don't want any database copy of your session_id in the database, you'd have to manually check user_rights on every page using a user_id like so.

Code:

// Your controller
function is_logged()
{
     if ( ! $this->user_model->check_user_rights($this->session->userdata('user_id'), 'admin'))
    {
        redirect('user/login');
    }
    // continue code here.....
}

Code:

// User_model

function check_user_rights($user_id, $role)
{
    return $this->db->join('roles_users', 'roles_users.user_id = users.id', 'LEFT')
        ->join('roles', 'roles.id = roles_users.role_id', 'LEFT')
        ->where(array('users.id' => $user_id, 'roles.name' => $role))
        ->count_all_results('users');
}

That is assuming you have a table like so:

users
id
username
password

roles
id
name

roles_users
role_id
user_id

This is of course untested. But that's the logic behind it.