[eluser]brazilius[/eluser]
hi everybody
i'm building auth part of my application and examening different libraries
so this is a function from Erkana Auth
Code:
function try_session_login() {
if ($this->CI->session->userdata('user_id')) {
$query = $this->CI->db->query('SELECT COUNT(*) AS total FROM users WHERE id = ' . $this->CI->session->userdata('user_id'));
$row = $query->row();
if ($row->total != 1) {
// Bad session - kill it
$this->logout();
return FALSE;
} else {
return TRUE;
}
} else {
return FALSE;
}
}
and one thing i can't get is why query database if encrypted session data can be used
and we can be sured that userdata can't be altered and user_id we get from session->userdata is a true and existing value.
And if the value is set - user is logged in and we know user_id.
Anyway it's much faster then asking db.
May be i missed something when reading session manual.
Thanks in advance.