The Auth Library 1.0.3 - The Easiest Auth Library for CodeIgniter

[eluser]Ihab Khattab[/eluser]
I think you can save session data to the database; it has been available since version 1.7.


[eluser]Adam Griffiths[/eluser]
Does the session data get saved to only the database, or the database and the cookie?

Quote: While the session data array stored in the user's cookie contains a Session ID, unless you store session data in a database there is no way to validate it. For some applications that require little or no security, session ID validation may not be needed, but if your application requires security, validation is mandatory.

When session data is available in a database, every time a valid session is found in the user's cookie, a database query is performed to match it. If the session ID does not match, the session is destroyed. Session IDs can never be updated, they can only be generated when a new session is created.

This is direct from the user guide, looks like the database acts as a mirror of the cookie data, and validates it when it finds a valid cookie.

Two points to make. There still won't be enough room in the cookie for all the data, and using this would render my remember me function useless, and I worked hard to get it as secure as possible. So if what I've laid out in this post is correct, using a database wouldn't help in this situation.

If somebody would like to clarify this, or put me right, please do so.


[eluser]Ihab Khattab[/eluser]
No, it will be stored in the 'user_data' field in the database:

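-- ci_sessions is CodeIgniter's default session table name (sess_table_name)
CREATE TABLE IF NOT EXISTS `ci_sessions` (
  session_id varchar(40) DEFAULT '0' NOT NULL,
  ip_address varchar(16) DEFAULT '0' NOT NULL,
  user_agent varchar(50) NOT NULL,
  last_activity int(10) unsigned DEFAULT 0 NOT NULL,
  user_data text NOT NULL, -- custom session data is stored here
  PRIMARY KEY (session_id)
);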

Quote: Updated the Sessions class so that any custom data being saved gets stored to a database rather than the session cookie (assuming you are using a database to store session data), permitting much more data to be saved.

I'm quoting from the change log of version 1.7.

Just give it a try; you can do nice things with this feature of storing sessions in the database, like "who's online?", which can enrich the library.

[eluser]Adam Griffiths[/eluser]
Thanks for putting me right. I'll look at implementing it into the 1.0.2 release along with all the other fixes I've made.

I must thank you again for your input.

[quote author="Adam Griffiths" date="1235534215"][quote author="GodsHand" date="1235533668"]Looks interesting. Can you tell me why I would use yours over DXAuth?[/quote]

It only takes 3 steps to install, one of which is downloading the zip file. To start using it, all you need to do is extend the 'Application' controller instead of 'Controller' - so there's no need to create your own login, register and logout functions. [/quote]


As a relative newbie I don't understand this bit and can't find any further info. What does this mean, extend the Application controller instead of Controller?

I've got as far as creating the MySQL database and have a users table. I followed the instructions and (finally, a hell of a lot longer than 5 min) got a screen which says this is the client side section.

Well now what???? How do I log in? Where is the admin??? I'm at a loss as to what to do now.

[eluser]Adam Griffiths[/eluser]
When your class would usually extend Controller, you will instead extend Application. Take a look at the admin.php controller and you'll see what I mean - class Admin extends Application.

If you look in the MY_Controller.php library file, you'll see login(), logout() and register(), you use those in your URI. So login will be admin/login.

I will have a proper documentation up on Tuesday.

[eluser]Adam Griffiths[/eluser]
Hey guys,

Just changing storing the cookie login_attempts into the session database... and I've come across a problem. I was able to set a timeout on the cookie so it would expire after 15 minutes if the user had incorrectly tried to log in 5 times. But I can't do that with the database, can I?

Any ideas on how to get around this?


Since CI 1.7 you can store custom session data for your users; that way you can easily keep track of the login attempts.


Btw I really love the idea behind your class, simplicity first!
Today I'll try out your auth system and give you some feedback, just a quick question tho:

Do you think it's possible to use hooks instead of extending the main controller?


[eluser]Adam Griffiths[/eluser]
Thanks. I am setting custom data in the ci_session database, or did I miss your point?

It probably could be done with hooks, but this way is so much easier.

Oh, a quick update, I have released the user guide here and there's a new version.

Let's say our counter variable is named attempts.

With that in mind you can retrieve/set the value at each login attempt like:

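$current_attempts = (int) $this->session->userdata('attempts'); // retrieve old value (FALSE when unset, cast to 0)
$this->session->set_userdata('attempts', $current_attempts + 1); // set new value; a post-increment ($current_attempts++) would pass the old value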

Of course you should check the number of attempts before setting the new value and even before trying to login the user.

I don't know if you already did it, but you can set the expiration time for the session in the config file; it's named sess_expiration.

Anyway I just came back home and I'm downloading the lib cause I want to try it out!
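
An added example, not part of the thread and not The Auth Library's code: one way to keep the 15-minute expiry once the counter moves out of the cookie is to store the time of the first failure next to the count and reset both when the window has passed. The function names, constants and the `$state` array are hypothetical; in CodeIgniter the array would be read with `$this->session->userdata()` and written back with `set_userdata()` as in the post above.

```php
<?php
// Hypothetical names; limits taken from the thread (5 attempts, 15 minutes).
const MAX_ATTEMPTS   = 5;
const LOCKOUT_WINDOW = 900; // seconds

/** Reset a counter whose window has passed, and fill in defaults for new state. */
function attempts_refresh(array $state, int $now): array
{
    $fresh = array('attempts' => 0, 'first_failure' => null);
    if (isset($state['first_failure']) && $now - $state['first_failure'] >= LOCKOUT_WINDOW) {
        return $fresh; // expires server-side, as the cookie timeout used to
    }
    return $state + $fresh; // array union keeps existing keys
}

/** Check this BEFORE verifying the password, as the post above advises. */
function is_locked_out(array $state, int $now): bool
{
    $state = attempts_refresh($state, $now);
    return $state['attempts'] >= MAX_ATTEMPTS;
}

/** Call after a failed login; returns the state to write back to storage. */
function record_failure(array $state, int $now): array
{
    $state = attempts_refresh($state, $now);
    if ($state['attempts'] === 0) {
        $state['first_failure'] = $now; // window starts at the first failure
    }
    $state['attempts']++;
    return $state;
}

// Constructed walk-through: five failures ten seconds apart.
$state = array();
$t0 = 1700000000; // constructed timestamp
for ($i = 0; $i < MAX_ATTEMPTS; $i++) {
    $state = record_failure($state, $t0 + $i * 10);
}
var_dump(is_locked_out($state, $t0 + 60));             // one minute after the first failure
var_dump(is_locked_out($state, $t0 + LOCKOUT_WINDOW)); // once the window has elapsed
```

Keeping this state in a per-account row rather than in session data makes the limit follow the account instead of the browser session.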
