Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums Archived Discussions Archived General Discussion Time Limited Session
Time Limited Session
  • El Forum
    Guest
  •  
#6
09-29-2010, 04:06 AM

[eluser]WanWizard[/eluser]
Very confusing indeed, as there is also an third party library called db_session...


You shouldn't fiddle with the internals of the session. The proper way to use the session is to use session variables:
when the controller loads, you check for a specific session variable (for example user_id'). If it exists, the user is logged in. If not, the user is not logged in. In your login form, create this session variable after you have done your validations. When the user clicks on logout, delete the variable. No need to manually handle session_id's, or create or destroy sessions.

There is a second reason why using session_id's in your application is a bad idea. For security purposes, the session library rotates session_id. This means that while the session is still valid, the session_id has changed.


Messages In This Thread
Time Limited Session - by El Forum - 09-29-2010, 02:22 AM
Time Limited Session - by El Forum - 09-29-2010, 02:30 AM
Time Limited Session - by El Forum - 09-29-2010, 02:38 AM
Time Limited Session - by El Forum - 09-29-2010, 03:43 AM
Time Limited Session - by El Forum - 09-29-2010, 03:56 AM
Time Limited Session - by El Forum - 09-29-2010, 04:06 AM



Theme © iAndrew 2016 - Forum software by © MyBB