Welcome Guest, Not a member yet? Register   Sign In
[5.0] Improved session and authentication service.
#1

(This post was last modified: 04-03-2022, 02:02 PM by iRedds.)

Hi.
It seems to me that the session attributes need the user id.
This will give the ability to manage user sessions.
For example, disable the current session for all devices or allow authentication through only one device/browser.

But there is a problem with getting the user ID for the session. A solution, for example, adding a service class that will implement the functionality of obtaining an ID. 
The developer will be able to extend the class and define behavior if his application requires authentication.

Now this is only possible by changing the driver and the session class.
Reply
#2

I don't get your story.

Do you talk about Session table scheme?
https://codeigniter4.github.io/CodeIgnit...ler-driver

> But there is a problem with getting the user ID for the session. A solution, for example, adding a service class that will implement the functionality of obtaining an ID.

I don't know how to find all session files that have the user id.
Read all session files and decode them and check the data?
Reply
#3

(04-03-2022, 04:20 PM)kenjis Wrote: I don't get your story.

@iRedds means add extra field to 'ci_sessions' table. By default 'ci_sessions' table has 4 fields: id, ip_address, timestamp, data.
For example laravel has 'user_id' field inside session table, which can be used to make feature like 'sign-outs all other devices except current one'.
Reply
#4

First of all, I based my thoughts on the structure of the session table in the database.
I didn't go into the implementation details of the other session drivers, but thought about the general concept.

Yes, the files are sad. But, for example, file sessions can be excluded from the functionality.
Reply




Theme © iAndrew 2016 - Forum software by © MyBB