Auth session destroyed when redirecting
#1

[eluser]noslen1[/eluser]
Hi everybody,

I've just registered on CI Forums to open up a new thread and share my problem with you.


I've created a basic authentication application based on cookie sessions, for both admin users and client users in the Users table (an Admin value set to 1 or 0 differentiates the status of each user).

When a user logs in, I set a session containing user data, such as name, login... and logged_in and admin, then users are redirected to 2 specific applications. If the admin property in the session is set to 1, the admin is redirected to the Backoffice application; otherwise the client is redirected to the Espaceclient application.

This step works fine: my login function sees if $this->session->userdata('admin') is true and then redirects the user with redirect('backoffice').

But then, in the specific application, when I try to display the session, I can't find any of the parameters I've stored, like logged_in or admin, and so my authentication is broken and cannot go further.

Looks like the redirect function destroys sessions, so I don't know how to handle that issue.


Please let me know your thoughts about it.
I can paste some of my code if you need it.

Thanks!
#2

[eluser]jamesf[/eluser]
I've had issues previously where the data in the session wasn't escaped properly and was being removed on a refresh. Try saving something very basic and see if it exists after the redirect to ensure it's not this.
#3

[eluser]noslen1[/eluser]
Thanks for answering me.

Well, the session data logged_in, or admin, is just 0 or 1.
And the login data is just a few alphanumeric characters.

That is kinda basic data, isn't it?
Nothing stays stored after the redirection.


What about using the session with a database? Could that work?
#4

[eluser]WanWizard[/eluser]
Using the database is always a better option than using cookies. It's more secure, and you don't have to deal with the size limit of the cookie.

Examine the flow in your application, and the way cookies work. Cookies are sent to the client in the HTTP header of your page. This of course requires a page to be sent to the client.

If in your code you set session variables, and after that, in the same request, do a redirect, the cookie will never reach the client. With database sessions you don't have that problem, every modification of session variables is written directly to the database. Providing the client already has a session cookie, the new request can read the variables back from the database.
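
A configuration sketch for the database-backed sessions suggested in post #4, added here as an example and not code from any poster in this thread. It assumes CodeIgniter 2.x's Session library; the encryption key is a placeholder, and the table definition in the comment is the schema given in the 2.x user guide.

```php
<?php
// application/config/config.php (excerpt). Assumption: CodeIgniter 2.x.

// The Session library will not run without an encryption key.
// Placeholder value: replace it with your own random string.
$config['encryption_key'] = 'REPLACE_WITH_RANDOM_KEY';

// Cookie-only storage (the default): logged_in, admin, name, ... are all
// serialized into the cookie itself and are bound by the cookie size limit.
// $config['sess_use_database'] = FALSE;

// Database storage: the cookie carries only the session identifier and
// housekeeping fields; custom userdata is written to the table named below.
$config['sess_use_database'] = TRUE;
$config['sess_table_name']   = 'ci_sessions';

$config['sess_cookie_name']     = 'ci_session';
$config['sess_expiration']      = 7200;  // seconds
$config['sess_encrypt_cookie']  = TRUE;  // encrypt what remains in the cookie
$config['sess_match_useragent'] = TRUE;  // reject the session if the user agent changes
$config['sess_time_to_update']  = 300;   // regenerate the session id every 5 minutes

/*
 Table the Session library reads and writes (MySQL):

 CREATE TABLE IF NOT EXISTS ci_sessions (
     session_id    varchar(40)      DEFAULT '0' NOT NULL,
     ip_address    varchar(45)      DEFAULT '0' NOT NULL,
     user_agent    varchar(120)     NOT NULL,
     last_activity int(10) unsigned DEFAULT 0   NOT NULL,
     user_data     text             NOT NULL,
     PRIMARY KEY (session_id),
     KEY last_activity_idx (last_activity)
 );
*/
```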



