[eluser]ladooboy[/eluser]
Hi !
About the Sessions and remember me function.
My remember_me function is currently not working.
Problem: Once I have ticked "Remember me" and login, then close the browser and re-open the webpage on the same browser my session(cookie)is automatically destroyed, but not the session data in the DB. How can I prevent the cookie from being destroyed once I close the browser ?
ps:
the logged_in() function wasn't secure enough. What I did is following:
ion_auth_model
Code:
$hash = $this->hash_string($result->id.$result->password.$identity);
$this->session->set_userdata('hash',$hash);
ion_auth
Code:
public function logged_in()
{
$identity = $this->ci->config->item('identity', 'ion_auth');
if($this->ci->session->userdata($identity) && $this->ci->session->userdata('hash'))
{
$email = $this->ci->session->userdata($identity);
$sess_hash = $this->ci->session->userdata('hash');
$result = $this->ci->ion_auth_model->get_data('users','id,password',array($identity=>$email),NULL);
if($result)
{
$db_hash = $this->ci->ion_auth_model->hash_string($result->id.$result->password.$email);
if ($sess_hash == $db_hash) return TRUE; //if hash from session variable matches this hash user is logged in
}
return FALSE;
}
return FALSE;
}
Code:
public function hash_string($value)
{
return sha1($value);
}
I just hash the user id,password and email address and put it encrypted into session_id. Everytime he logged_in() function is run it checks by getting the DATA from the DB if the hash is matches and redirects accordingly.