Ion Auth: User session logout issue
#1

[eluser]qpixo[/eluser]
I have an issue with Ion Auth: the authentication works fine and I can log in to the user dashboard. Then I log out and it redirects back to the login form, which is fine. But when I enter the URL and go back to dashboard auth, I can still reach it, which raises a concern over user security. I noticed that the logout of Ion Auth can't delete the session username...

What I want is that once the user has logged out, he can't go back to the dashboard again and an error message is displayed. How can I implement a user login check on each page of the user dashboard once he has successfully logged in?

Here's my code. I have created a base controller and then extend it:

Code:
require APPPATH . "third_party/MX/Controller.php";

class Members_Controller extends MX_Controller {

// Defined a global user to all View
protected $user;

// Constructor
public function __construct() {
  parent::__construct();

  self::checkMember();
}

public function checkMember() {
  // Check if the user is in the members group
  if($this->ion_auth->in_group('members')) {
   // Create the container explicitly instead of assigning a property on an undefined variable
   $data = new stdClass();
   $data->user = $this->ion_auth->user()->row();
   $this->user = $data->user;

   // Load user into every view
   $this->load->vars($data);
  } else {
   redirect($this->config->item('base_url'));
  }
}

}

Then in the Dashboard controller I extend the base controller. I tried to add a logged_in check but it still doesn't work:

Code:
class Dashboard extends Members_Controller {

public function __construct() {
  
  parent::__construct();
}


public function index() {
  if($this->ion_auth->logged_in()) {
   echo "Hello " . $this->user->username . "!";
   $this->load->view('members_dashboard');
  } else {
   echo "You don't have access to this page...";
   die;
  }
}


}

The Auth controller is used to check and validate the login form:

Code:
public function index() {
  
  // If user is not log in
  if(!$this->ion_auth->logged_in()) {
   // Redirect to login form
   redirect('auth/login');
  }
}

public function login() {
  // Validated login form
  $this->form_validation->set_rules('username', 'Username', 'required');
  $this->form_validation->set_rules('password', 'Password', 'required');
  
  // If it can log in
  if ($this->form_validation->run() === true) {
   // Get user input form
   $username = $this->input->post('username');
   $password = $this->input->post('password');
  
   // Check user login compare it with model DB
   if ($this->ion_auth->login($username, $password)) {
    // Get the current user group
    $usergroup = $this->ion_auth->get_users_groups()->row()->name;
    //print_r($usergroup);
    
    // Create the user authorized in session
    // (must happen before redirect(), which ends the request)
    $this->session->set_flashdata('authorized', true);

    // Redirect user to proper dashboard
    redirect($usergroup . '/dashboard');
   } else {
    ...
    redirect('auth/login');
   }
  
  } else {
   // Store username in session
   $username_session = $this->session->flashdata('username');

   // Set username, password and submit forms
   $data['username'] = array( 'name' => 'username',
          'type' => 'text',
          'value' => set_value('username', $username_session) );
  
   $data['password'] = array( 'name' => 'password',
            'type' => 'password' );
  
   $data['submit'] = array ( 'type' => 'submit',
          'value' => 'Login' );
  
   $data['message'] = (validation_errors()) ? validation_errors() : $this->session->flashdata('message');
  
   // Display login page
   $this->load->view('login', $data);
  }
}
#2

[eluser]Matalina[/eluser]
Code:
class Members_Controller extends MX_Controller {
//...
public function __construct() {
  parent::__construct();

  if(!$this->ion_auth->logged_in()) {
    // I would set flashdata here as well.
    redirect('to/somepage');
  }

  self::checkMember();
}
}
#3

[eluser]qpixo[/eluser]
[quote author="Matalina" date="1339698752"]
Code:
class Members_Controller extends MX_Controller {
//...
public function __construct() {
  parent::__construct();

  if(!$this->ion_auth->logged_in()) {
    // I would set flashdata here as well.
    redirect('to/somepage');
  }

  self::checkMember();
}
}
[/quote]

It doesn't work, I can still access the dashboard :(
#4

[eluser]Matalina[/eluser]
What does your logout function look like?

I've not had issues if logout is working correctly.
#5

[eluser]qpixo[/eluser]
[quote author="Matalina" date="1339700983"]What does your logout function look like?

I've not had issues if logout is working correctly.[/quote]

I use the default logout function of Ion Auth

Code:
public function logout() {
  // Clear user session data
  $this->ion_auth->logout();
  redirect('auth/login');
}

I don't understand why it's not working though :(
#6

[eluser]qpixo[/eluser]

Does anyone know how to fix that issue?
#7

[eluser]Matalina[/eluser]
I would check your sessions. If it's not cleared, then I'd check the ion_auth logout function to verify it's doing what it's supposed to do. I'm looking at mine and it seems correct, so I can't tell you if yours is wrong.


Do you have the latest ion_auth too?
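
One way to run the session check suggested above, as an added example that is not part of the original thread or of Ion Auth itself. It assumes CodeIgniter 2.x with the session and ion_auth libraries autoloaded; the `Session_debug` controller name and the list of auth keys are hypothetical and depend on the Ion Auth version in use.

```php
<?php
// Added example: temporary diagnostic controller, development installs only.
// Request /session_debug before login, after login and after logout, then
// compare the three outputs. Only key names are printed, never their values.
class Session_debug extends CI_Controller {

    public function __construct() {
        parent::__construct();
        // Refuse to run anywhere but a development environment.
        if (ENVIRONMENT !== 'development') {
            show_404();
        }
    }

    public function index() {
        $session = $this->session->all_userdata();

        // Keys Ion Auth is assumed to write on login, plus the configured
        // identity column (assumption: varies between Ion Auth versions).
        $identity = $this->config->item('identity', 'ion_auth');
        $auth_keys = array_unique(array_filter(
            array('identity', 'username', 'email', 'user_id', $identity)
        ));

        // Collect the auth-related keys that are still populated.
        $remaining = array();
        foreach ($auth_keys as $key) {
            if (!empty($session[$key])) {
                $remaining[] = $key;
            }
        }

        $sid = (string) $this->session->userdata('session_id');
        $lines = array(
            'session_id (first 8 chars): ' . substr($sid, 0, 8),
            'logged_in(): ' . ($this->ion_auth->logged_in() ? 'true' : 'false'),
            'auth keys still set: ' . ($remaining ? implode(', ', $remaining) : '(none)'),
            'all session keys: ' . implode(', ', array_keys($session)),
        );

        // no-store keeps the browser from replaying an old copy of this report.
        $this->output
            ->set_content_type('text/plain')
            ->set_header('Cache-Control: no-store')
            ->set_output(implode("\n", $lines) . "\n");
    }
}
```

If the post-logout report still lists auth keys or shows `logged_in(): true`, the session was not cleared by `logout()`; if it shows `false` and `(none)`, the session is clean and the cause lies elsewhere.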
#8

[eluser]qpixo[/eluser]
[quote author="Matalina" date="1339702637"]I would check your sessions. If it's not cleared, then I'd check the ion_auth logout function to verify it's doing what it's supposed to do. I'm looking at mine and it seems correct, so I can't tell you if yours is wrong.


Do you have the latest ion_auth too?[/quote]

I'm using the benedmunds-CodeIgniter-Ion-Auth-428550c

Not sure it's the latest one


How can I check my sessions?
#9

[eluser]Matalina[/eluser]
Download the newest one from GitHub and try again. I can't see how it would be broken, but you don't have the latest software.

#10

[eluser]qpixo[/eluser]
[quote author="Matalina" date="1339703748"]Download the newest one from GitHub and try again. I can't see how it would be broken, but you don't have the latest software.

[/quote]

Ok, let me download and recheck it again...



