Is Session a safe place to store data ?
#8

(This post was last modified: 07-25-2016, 12:56 PM by PaulD. Edit Reason: Added PS )

That is fine.

You can also create a pre-controller or post-controller hook that checks authorization and redirects to the login if not authorized. Of course you have to exclude your login controllers from the hook, otherwise you get a never-ending loop.

You will still have to collect your user data from your controller if you do that but if you make your authorisation routine as slick as possible, you can then just collect the user data you need per controller rather than collecting everything by default.

But the way you are doing it is fine.

Paul.

http://www.codeigniter.com/user_guide/ge...hooks.html

PS I presume your access model is doing something on authorisation fail? Such as a redirect to login? I prefer my models to return results only, so when I do something like this I call an access library, which calls the model to get the user data, and redirects on fail. Alternatively you could just do the check in the constructor, or call a function to do it. The advantage of the library is that it can then have other access methods in it, and logic to deal with failed logins, like update session with illegal access attempt, check an attempts count and initialise a 1 minute, 3 minute, 5 minute etc escalating access delay.
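An added example, not code from this thread or from CodeIgniter, of the arrangement described in post #8: an authorization gate that skips the login controller, plus an escalating delay on failed logins. The function names, session keys, the three free attempts and the choice of the `post_controller_constructor` hook point are assumptions.

```php
<?php
// Added example: all names and session keys here are hypothetical.
const PUBLIC_CONTROLLERS = ['login'];   // skipped by the check, so no redirect loop
const FREE_ATTEMPTS      = 3;           // assumption: failures allowed before any delay
const DELAY_MINUTES      = [1, 3, 5];   // escalating delay steps named in the post

// Returns the route to redirect to, or null when the request may proceed.
function access_gate(string $controller, array $session): ?string
{
    if (in_array(strtolower($controller), PUBLIC_CONTROLLERS, true)) {
        return null;
    }
    return empty($session['user_id']) ? 'login' : null;
}

// Count a failed login; past the free attempts, start the next delay step.
function record_failed_login(array &$session, int $now): void
{
    $attempts = ($session['login_attempts'] ?? 0) + 1;
    $session['login_attempts'] = $attempts;
    if ($attempts > FREE_ATTEMPTS) {
        $step = min($attempts - FREE_ATTEMPTS, count(DELAY_MINUTES)) - 1;
        $session['locked_until'] = $now + DELAY_MINUTES[$step] * 60;
    }
}

// Seconds left before the login form should accept another attempt.
function lockout_remaining(array $session, int $now): int
{
    return max(0, ($session['locked_until'] ?? 0) - $now);
}

// CodeIgniter 3 wiring, assuming the session library and url helper are autoloaded.
// Registered under 'post_controller_constructor' so that get_instance() is available.
function access_hook(): void
{
    $CI =& get_instance();
    $target = access_gate($CI->router->class, $_SESSION ?? []);
    if ($target !== null) {
        redirect($target);
    }
}

if (PHP_SAPI === 'cli' && !function_exists('get_instance')) {  // constructed demo
    $s = []; $t = 1000;
    for ($i = 0; $i < 5; $i++) { record_failed_login($s, $t); }
    var_dump(access_gate('dashboard', $s), lockout_remaining($s, $t));
}
```

A counter kept only in the session resets when the client discards its session cookie, so a deployment would normally also key the same counter by account in server-side storage.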


Messages In This Thread
RE: Is Session a safe place to store data ? - by PaulD - 07-25-2016, 12:46 PM


