[eluser]n0xie[/eluser]
I know the Controller for Ion_Auth is just some example code but I would like to point out that the way it is done now, the Controller is wide open to CSRF exploits, possibly disabling all your users. You might want to add a little check or add some documentation so that people are aware that the code is primarily meant as an example and should be validated if used in a real life site...