Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums Archived Discussions Archived General Discussion Sessions Created Before Logging In
Sessions Created Before Logging In
  • El Forum
    Unregistered
  •  
#1
04-04-2010, 09:52 AM

[eluser]jasongodoy[/eluser]
Hello,

I might be not understanding sessions correctly, but I'm wondering if what I'm experiencing is normal expected behavior.

1. I've autoloaded the Session library.
2. I'm using MySQL to store session data in the database.
3. I've created a simple login page.

Simply by navigating to the login page to enter my user name and password creates a cookie and a new session record in my sessions DB. But I haven't logged in yet, so why is a session being created before I log in?

After logging in, the session record is updated in the DB.

Thanks for the knowledge.

J
  • El Forum
    Unregistered
  •  
#2
04-04-2010, 10:07 AM

[eluser]WanWizard[/eluser]
A session is just a mechanism to maintain "state" in a stateless environment. It has nothing to do with authentication, other than that you could use it to record and maintain the "logged-in state".
  • El Forum
    Unregistered
  •  
#3
04-04-2010, 03:21 PM

[eluser]jasongodoy[/eluser]
[quote author="WanWizard" date="1270415243"]A session is just a mechanism to maintain "state" in a stateless environment. It has nothing to do with authentication, other than that you could use it to record and maintain the "logged-in state".[/quote]

Thanks for the response WanWizard. I understand exactly what the session does in regards to maintaining state in a stateless environment, but that still doesn't explain why a session record is created in my sessions database and a cookie gets set in my browser before I log in and start a session.

What's interesting is when I stop autoloading the Session library, no sessions are created until I log in with the correct user name and password. Could this be some sort of bug?

J
  • El Forum
    Unregistered
  •  
#4
04-05-2010, 02:46 AM

[eluser]WanWizard[/eluser]
A session is created as soon as you load the session library.

I don't see why that is a problem, as I wrote before the session itself has nothing to do with a 'logon', sessions are just a mechanism to carry information from one page request to the next.

You need this for authentication, you need to be able to determine if a user is logged in, so you can restore the users logged-in state at the next page request. So the session needs to be there, even if no user is logged in.

You need logic like:
Code:
if ( $this->your_library->restore_user_session() )
{
    echo "user is currently logged in";
}
else
{
    if ( $this->your_library->login() )
    {
        echo "new user logged in";
     }
     else
    {
        echo "no user is logged in";
    }
}
}




Theme © iAndrew 2016 - Forum software by © MyBB