Should session_regenerate_id be used in CI 3?
Hello @php_rocs.
Thanks for answering. The application is online. For time reporting. Users can't get accounts from outside. Only an existing user can register another user. Pages exposed to public: log-in page and forgot-password page. The login searches the db for username etc. If login fails, the ip is saved in the db, and too many failures block the ip. When using the forgot-pw-page an 'access-token' is baked in so a request must come from 'my' form (then I found CI has such security functions out of the box).

For logged in users: There are 3 levels: superadmin, company-boss, employed. Each controller function has a level check that guards level-wise (I started coding a 'concern-handler' that would protect 'resources' like userdata). A 4th level is under development.

I don't use binding in queries. I make many queries in raw sql. On log out, I delete all session...

In session I save: username, userid, site language, and whether a time report is started but not ended (work check in/out).

Those are the features I recall now.
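Added example, not part of the thread or of CodeIgniter's own code: a CI 3 login handler for the flow described in the post above, keeping raw SQL but passing values through query bindings, and regenerating the session ID at login with `sess_regenerate()`. The `Auth` controller, the `users` and `login_failures` tables with their columns, the `password_hash` storage, the MySQL `NOW()` call and the redirect targets are all assumptions.

```php
<?php
defined('BASEPATH') OR exit('No direct script access allowed');

// Hypothetical controller; table, column and route names are assumptions.
class Auth extends CI_Controller
{
    public function __construct()
    {
        parent::__construct();
        $this->load->database();
        $this->load->library('session');
        $this->load->helper('url');
    }

    public function login()
    {
        $username = (string) $this->input->post('username');
        $password = (string) $this->input->post('password');

        // Raw SQL with bindings: each ? is escaped by the database driver,
        // so user input is never concatenated into the statement.
        $sql  = 'SELECT id, username, password_hash, language
                   FROM users WHERE username = ? LIMIT 1';
        $user = $this->db->query($sql, array($username))->row();

        if ($user === NULL || ! password_verify($password, $user->password_hash)) {
            // Record the failed attempt for the per-IP block (bound as well).
            $this->db->query(
                'INSERT INTO login_failures (ip, attempted_at) VALUES (?, NOW())',
                array($this->input->ip_address())
            );
            redirect('auth/login_form');
        }

        // Issue a fresh session ID at the moment the privilege level changes,
        // so an ID that was set or observed before login is useless afterwards.
        // TRUE also deletes the old session's stored record.
        $this->session->sess_regenerate(TRUE);

        $this->session->set_userdata(array(
            'user_id'  => (int) $user->id,
            'username' => $user->username,
            'language' => $user->language,
        ));
        redirect('dashboard');
    }
}
```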
Messages In This Thread
Should session_regenerate_id be used in CI 3? - by valema - 09-04-2020, 09:01 AM
RE: Should session_regenerate_id be used in CI 3? - by php_rocs - 09-04-2020, 07:02 PM
RE: Should session_regenerate_id be used in CI 3? - by valema - 09-21-2020, 01:36 PM
RE: Should session_regenerate_id be used in CI 3? - by php_rocs - 09-21-2020, 05:10 PM
RE: Should session_regenerate_id be used in CI 3? - by valema - 09-22-2020, 09:00 AM
RE: Should session_regenerate_id be used in CI 3? - by valema - 10-12-2020, 05:42 AM