Feedback on session check, login system.

#1
[eluser]überfuzz[/eluser]
I've got a login-system on a site. What would be the best practice of checking the session.

Prior to CI I checked in every file etc to be sure that the user had the right access level. Now, using CI, I've got a folder controllers/login wish is only open to users, logged in. Furthermore, I've got a MY_Controller fetching and passing stuff throughout the system.

Where should the control of the session be. My idea was to check in the MY_Controller and extend it to every controller. (The my-extension is ok sins every page will share header etc.)

#2
[eluser]designfellow[/eluser]
Hi,

I think most of the developers usually use a authentication library.
Auto-load the library & include the session checking function in the controller's constructor function(if needed)

You can omit the function call in public pages


Happy Coding,
DesignFellow

#3
[eluser]überfuzz[/eluser]
Code:
//menu prep. At the moment the site has no other pages than in-menu-pages thats going to be public.
        $menu = $this->systemdata->get_menu();
        foreach($menu AS $array)
        {
            $keys_unlocked[] = $array['segment'];
        }
//------ check for segments not public
        if( in_array ($this->uri->rsegment(1), $keys_unlocked) )
        {
            $is_logged_in = $this->session->userdata('logged');
            if(!$is_logged_in)
            {
                redirect('login');
            }
        }

This is the code I'm planing to use, not tested. Pointers appreciated! For instance, I'm not sure of when 404 is trowed. (It's stated in the MY_Controller, in __construct().)


Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  


  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2021 MyBB Group.