The best login and authorization concept

I'm trying to make login and authorization for CI4 applications. I would like to make my own system and I am more concerned with the general concept which will be most suitable for CI4.

From what I understand is a good solution would be to create a base controller where in the constructor should start a session ie

Code:

   protected $session;
    protected $user;
    protected $isLogin = false;
    public function __construct(...$params) {
       parent::__construct(...$params);
       $this->session = \Config\Services::session();
       $this->session->start();
       // Your own constructor code
   }

$ This-> user variables would be written to the database from the user table to the logged-in user, and $ this-> session would be session variables

Is this a good approach? Please take any comments in this section.