[eluser]Dan Bowling[/eluser]
I'm really new to CI, so take my advice with that context.
What I've done on a current project that needed some security, but not a lot, is modified the Session variables setting:
Code:
$config['sess_expiration'] = 7200;
That is the timout of the session in seconds (the default is two hours).
In my controllers (all that require authentication), I've put a session check in the constructor:
Code:
class Schools extends Controller {
function Schools()
{
parent::Controller();
$this->load->scaffolding('schools');
if ($this->session->userdata('logged_in')!=TRUE)
{
redirect('/authentication/login', 'refresh'); //if no login session, then prompt for login
}
else {
$this->load->model("alumni_model");
$this->load->model("regions_model");
$this->load->model("schools_model");
$this->load->model("counselors_model");
}
}
function index()
{
}