Welcome Guest, Not a member yet? Register   Sign In
The best login and authorization concept

(This post was last modified: 06-10-2017, 08:25 AM by skunkbad.)

To say this is a good approach would be to see 1% of what needs to be done and give you an answer.

I never like to use the session for anything but an ID. The data is already in your database, so get it from there.

If you've never attempted to write an Auth library, you should. It's a great learning experience, especially when you start researching security issues. You've got a lot to think about:

1) Session security.
2) Password hashing.
3) Tracking login attempts.
4) Account recovery.
5) Is the user already logged in?
6) If logged in, what kind of user is it?
7) Does logged in user have special permissions to do anything?
8) Garbage collection on authentication/sessions.

There's a lot more to all of this than just creating a base controller.

Also, it's kind of the reason why there is no Auth in CI, that people like doing Auth their own way. There is no best way, as long as you don't do it wrong.

Messages In This Thread
RE: The best login and authorization concept - by skunkbad - 06-10-2017, 08:20 AM

Theme © iAndrew 2016 - Forum software by © MyBB