[eluser]Tom Schlick[/eluser]
[quote author="atno" date="1265910488"][quote author="Michael Wales" date="1265246300"]If all you are doing is checking for the value of logged_in, then yes - that's definitely weak and should be changed.
I like to store the user's unique ID in the session as well as a hash of some key fields within their record - then encrypt the entire session. On every page load, validate the hashed fields against their database record.[/quote]
Hey Michael,
Can you please provide some more info like code about this?
Thanks in advanced,
atno[/quote]
if you dont know how to implement a secure login system i would highly suggest looking at the 10+ auth systems fellow CI coders have come up with. i know Michael Wales just released one which i cant remember the name of. also there is Ion auth, dx auth, redux..... etc