[eluser]chmod[/eluser]
I use CI 1.6.1 at last three months.Now I use CI 1.7,and the problem is remaining which is CI's session problem.
When I change config.php like this:
Code:
$config['sess_cookie_name'] = 'ci_session';
$config['sess_expiration'] = 10;
$config['sess_encrypt_cookie'] = FALSE;
$config['sess_use_database'] = TRUE;
$config['sess_table_name'] = 'ci_sessions';
$config['sess_match_ip'] = FALSE;
$config['sess_match_useragent'] = TRUE;
$config['sess_time_to_update'] = 5;
and I want to use CI's db-session to login,and when session expired timeout OR CLOSE THE BROWSER,I want the user redirect to login page.
Using name and password login,and then I have logined.but I refresh the browser,I found that: each fresh bind each new sesion_id.
and the new session_id has been regenerated and saved in table.
When I closed the browser and wait for 10s,and I access last page.I found new session_id has regenerated but not need to login .
Controller: mycenter.php
Code:
<?php
class Mycenter extends Controller{
function Mycenter(){
parent::Controller();
$this->lang->load('title','english');
$this->lang->load('table','english');
$this->lang->load('error','english');
$this->lang->load('notice','english');
$this->load->model('common/security/security_model');
}
function index(){
$isloginto = $this->security_model->isLoginTo();
if ($isloginto === true){
$data = array('title' => $this->lang->line('title_mycenter_index'));
$this->load->view('center/mycenter_tpl',$data);
}else{
$forward = $this->session->set_userdata('forward',$_SERVER['PHP_SELF']);
redirect('center/loginto','refresh');
}
}
}
?>
Model
ecurity_model.php
Code:
<?php
class Security_model extends Model{
function Security_model(){
parent::Model();
}
function sessionIdIsInTable($id){
$this->db->where('session_id',$id);
$this->db->from('ci_sessions');
$query = $this->db->get();
if($query->num_rows() > 0){
return true;
}else{
return false;
}
}
function isLoginto(){
$session_id = $this->session->userdata('session_id');
if ( isset($session_id) ){
if ($this->sessionIdIsInTable($session_id)){
return true;
}else{
return false;
}
}else{
return false;
}
}
}
?>
the CI 1.7 user doc said:
Note: The Session class has built-in garbage collection which clears out expired sessions so you do not need to write your own routine to do it.
But I found the session_id which has expired not be removed by ci.Why?
Is any wrong with me ? when the browser close, the session_id was still being the ci_sessions table.
how can I make a user to login?