[eluser]Thorpe Obazee[/eluser]
everything will be passed to the database. I *think* the session_id is stored in the database for verification purposes. In the end, you'll have 1 cookie copy and one database copy of your session which I think is best when verifying validity of the cookie copy.
Option 2
If you don't like
that option and really really really really really really really really really really don't want any database copy of your session_id in the database, you'd have to manually check user_rights on every page using a user_id like so.
Code:
// Your controller
function is_logged()
{
if ( ! $this->user_model->check_user_rights($this->session->userdata('user_id'), 'admin'))
{
redirect('user/login');
}
// continue code here.....
}
Code:
// User_model
function check_user_rights($user_id, $role)
{
return $this->db->join('roles_users', 'roles_users.user_id = users.id', 'LEFT')
->join('roles', 'roles.id = roles_users.role_id', 'LEFT')
->where(array('users.id' => $user_id, 'roles.name' => $role))
->count_all_results('users');
}
That is assuming you have a table like so:
Quote:users
id
username
password
roles
id
name
roles_users
role_id
user_id
This is of course untested. But that's the logic behind it.