User login check in class constructor
#1

[eluser]stef25[/eluser]
Login check in a controller

I have a controller Login() that has a function update_password. In the constructor of this Class I have
Code:
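function Client()
{
    parent::Controller();

    // Session data for the current user (empty once the session has expired)
    $user_array = $this->session->userdata('user');
    $client_id  = $this->uri->segment(2);

    // Not logged in: send to the login page
    if ( ! $user_array['logged_in']) redirect(base_url());
    // URI segments are always strings, so test for digits instead of is_int()
    elseif (ctype_digit((string) $client_id) && (string) $user_array['client_id'] !== $client_id) die('You are not logged in to that user account');
}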

This is to make sure that no methods in this class can be accessed without the user being logged in.

Because of this bug I'm wondering if it's possible that a user accessed his change password page, waited till the session logged him out after X minutes and then submitted the form. Would this allow a method in this class to run nonetheless?

When I try this out myself I get redirected to the base_url (login page) as it should, but I'm not sure if the code in the method ran first. If so, I guess I need to put this check in every method and not just the constructor?
#2

[eluser]Jelmer[/eluser]
When the Controller is instantiated the constructor will always be the first function called. Only after the controller is "constructed" can any other method be called on the controller object (unless it's from within the constructor itself).

As long as the $user_array = $this->session->userdata('user') performs a good check, the code below will not allow the controller to be used past the "if ( ! ..) redirect()" statement.
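
The ordering described in the reply above, as an added simulation that is not part of the original thread and is not CodeIgniter code: `Halt`, `fake_redirect`, `GuardedController` and `dispatch` are hypothetical names, and an exception stands in for `exit`. It shows that a constructor guard only protects the methods if the redirect terminates the request, which CodeIgniter's `redirect()` helper does by calling `exit` after sending the header.

```php
<?php
// Constructed simulation; every name here is hypothetical, nothing is framework code.
class Halt extends Exception {}

// Stand-in for a redirect helper. $terminate = true models header() followed by exit;
// false models sending only the Location header and returning to the caller.
function fake_redirect(ArrayObject $log, bool $terminate): void
{
    $log[] = 'redirect sent';
    if ($terminate) {
        throw new Halt(); // models exit: nothing after this point runs
    }
}

class GuardedController
{
    private ArrayObject $log;

    public function __construct(array $session, ArrayObject $log, bool $terminate)
    {
        $this->log = $log;
        // Same guard as in the thread: no valid session means redirect.
        if (empty($session['logged_in'])) {
            fake_redirect($log, $terminate);
        }
    }

    public function update_password(): void
    {
        $this->log[] = 'password updated'; // the side effect we want to protect
    }
}

// Front-controller order: construct first, then call the routed method.
function dispatch(array $session, bool $terminate): array
{
    $log = new ArrayObject();
    try {
        $controller = new GuardedController($session, $log, $terminate);
        $controller->update_password();
    } catch (Halt $e) {
        // Request ended inside the constructor; the method was never called.
    }
    return $log->getArrayCopy();
}

print_r(dispatch(['logged_in' => true], true)); // valid session
print_r(dispatch([], true));                    // expired session, redirect terminates
print_r(dispatch([], false));                   // expired session, redirect only returns
```

Only the third call records both the redirect and the password update, which is the case to rule out when replacing the helper with a hand-written `header('Location: ...')` that is not followed by `exit`.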
#3

[eluser]stef25[/eluser]
What I thought, thanks for confirming.



