Welcome Guest, Not a member yet? Register   Sign In
login and database sessions
#1

[eluser]Unknown[/eluser]
Hello.. first of all I'm pretty new with codeigniter and my english isn't really good.. I'll try be clear as possible.
I don't really understand how CI sessions works..
I make an example so you can understand better


login page (simplified):

Code:
if($this->login())
{
     $this->load->library('session'); (it saves on ci_session table: session_id, ip_address, user_agent, last_activity)
     $this->session->set_userdata('user_id', $this->id); (user_id used for set the page based on it, (ex: user profile?))
     redirect('protectpage');
}



so now, to show the page only to logged users I did something like that:
protectpage:
Code:
$this->load->library('session'); (it saves on ci_session table: session_id, ip_address, user_agent, last_activity)

if($this->session->userdata('session_id') && preg_match("/^[a-zA-Z0-9]{32}$/", $this->session->userdata('session_id') ))
{
    $this->db->from('ci_sessions');
    $this->db->where('session_id', $this->session->userdata('session_id'));
    $query = $this->db->get();
            
    if($query->num_rows() > 0)
    {
          echo "logged...";
    }
}

if I do this, the user will always be logged because when I load the session library it saves a new session on the database/cookie..
I guess I should do in login page something like that
$this->session->set_userdata('logged_in', TRUE);

but how much this is secure? i mean if someone when logged change the ci_session cookie with another user_id whats will happens?

and last question..
the session_id changes every 5 minutes but the old session doesnt be removed immediately.. it will be removed based on random time right?

thanks for help ^^


Messages In This Thread
login and database sessions - by El Forum - 10-13-2008, 12:39 PM
login and database sessions - by El Forum - 10-13-2008, 03:38 PM
login and database sessions - by El Forum - 10-13-2008, 06:36 PM



Theme © iAndrew 2016 - Forum software by © MyBB