[eluser]tkyy[/eluser]
personally i never use auth libraries beyond the ci sessions and what comes packaged in the core, although i modify the sessions tables and how the default libraries very often.
i just feel as though each project you work on is different from the last, each need its own custom authentication and sessions handling.
as in example, in my current project i created a helper to read data from the cookie by key, so unserialize/unencrypt and if that data is not contained in the cookie it calls a session update (a modification in the ci session library) to update the users cookie and get the data. to do that (and also authenticate with the database when i want to) i had to modify alot of the ci sessions library. with performance in mind i wanted to avoid as many db calls as i could but also still have the security and size-increase of using a db to store session information (i only authenticate the user by database when they are making certain actions on my application and generally read the user's information directly from the cookie where possible)
the authentication and sessions specifically ties so closely with performance and how your entire site works that i feel as if it needs to be reinvented each time, with respect to the project.
what do you guys think and what are your coding habits in regard to these types of things?
