[eluser]basementDUDE[/eluser]
what I don't understand is, the author already unset all the login data, why he still called sess_destory after that?
Code:
$identity = $this->ci->config->item('identity', 'ion_auth');
$this->ci->session->unset_userdata($identity);
$this->ci->session->unset_userdata('group');
$this->ci->session->unset_userdata('id');
$this->ci->session->unset_userdata('user_id');
[quote author="WanWizard" date="1282691783"]This is a known issue with the way most users implement authentication.
Instead of having a proper data structure within the session to store user related information, and erasing/resetting that when a user logs out, they take the lazy option, and do a $this->session->sess_destroy(). That takes care of the logout, but also deletes all other valuable information in the session.
If you look in the Ion_auth library, in the logout() method, there a line that says
Code:
$this->ci->session->sess_destroy();
Comment this to retain your session. The unset_userdata() calls above that line will make sure the user is logged out.[/quote]