• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Database session, remember user, cookies

Hi there,

this is my first post, and just wanted to let you know I'm quite comfortable using CI so far. I've been able to make a 'complete' user registration and login system following the user guide, which I really appreciate the work you guys did on it. Very clear.

So, what I cannot really understand is the way sessions are stored in the database. I mean, how I can check whether that user is already signed in (logged in.. etc) or not ? Without using the database it's working. I can log in a registered user, logout, alter userdata, etc.

If I activate the option to store these in the database I'm just lost. I'm seeking a little bit of guidance through this, I'm quite curious about this session thing.

Thanks a lot for your time.

Yes you can store session data in database.

Here is the sample code you can refer :

session_id varchar(40) DEFAULT '0' NOT NULL,
ip_address varchar(16) DEFAULT '0' NOT NULL,
user_agent varchar(50) NOT NULL,
last_activity int(10) unsigned DEFAULT 0 NOT NULL,
user_data text DEFAULT '' NOT NULL,
PRIMARY KEY (session_id)

// --------------------------------------------------------------------

     * logged_in
     * Check to see if a user is logged in
     * Look in the session and return the 'logged_in' part
     * @access    public
     * @return    boolean
    public function logged_in()
        if ($this->CI->session->userdata('logged_in') == TRUE)
            return TRUE;

            return FALSE;


Thanks to both. I already did that before. Everything is set, what I mean is how to check against the database, that user is for example 'TEST' and is not the user 'ADMIN'.

In my sessions table I save all the data I saw in the user guide. So I wonder how to check that =) Maybe I am missing some important point here.. or a super-easy one..

Thanks for your answers!

Edit: the user should have the cookie right ? how can I check against that cookie ? .. I may be able to do that right ?

Edit 2: I should have read MORE the user guie. http://ellislab.com/codeigniter/user-gui...input.html :/

uhm...I think you mean how do you check that the info on the DB is the same that is at the cookie...

well, I think CI sessions make that check for you, if the info in the DB isn't the same at the cookie then the session is not valid.

To check that just try editing some session info at the database for example with phpmyadmin and then try to authenticate that session. You will realize that it can't be authenticated.

You have all the user you have stored in the session available to use, for example, when i create the session i set all the information i need for that user, like this:
$this->session->set_userdata('name', 'ramm');
$this->session->set_userdata('email', '[email protected]');
$this->session->set_userdata('id', '1');
$this->session->set_userdata('type', 'admin');
$this->session->set_userdata('whatever', 'whatever value');

And then while the session is active i can use the data wherever i need it:
//In a controller
if($this->session->userdata('type') == 'admin')
  //Let user do something
  //Don't let him do it

//Or in a view
<p>Logged in as: &lt;?php echo $this->session->userdata('name'); ?&gt;</p>

Thanks, that was exactly what I didn't know. CI already checks that.. I now have to think how many computers I allow a user to be logged in and I'm done ^^

I'd like to 'reactivate' this thread, since I am coding a similar website that will implement the "Remember me" functionality.
As for my previous example I also created a MY_Controller file to check if a user is logged in or not, which is working.
Now, if a user checks the Remember me checkbox, I create a cookie, this way:
    // create cookie
    $public_key = md5('test');
    $remember_cookie = array(
    'name'   => 'test',
    'value'  => $public_key,
    'expire' => '1209600',
    'path'   => '/'


Now I have several questions..
1.- Shall I update or insert a row in the ci_sessions table with the information the user entered ? If so, how to ?
$insert = array(
    'user_id' => $this->session->userdata('id'),
    'public_key' => $public_key,
    'private_key' => md5('private'),
    'ip_address' => ip2long($_SERVER['REMOTE_ADDR'])
$query = $this->db->insert('ci_sessions', $insert);
By doing that, I miss several ci_sessions table rows.. :S This is the table, shall I extend the sessions library or ?
CREATE TABLE `ci_sessions` (
  `session_id` varchar(40) NOT NULL,
  `user_id` bigint(20) unsigned NOT NULL,
  `public_key` varchar(32) NOT NULL,
  `private_key` varchar(32) NOT NULL,
  `ip_address` varchar(16) NOT NULL,
  `user_agent` varchar(50) NOT NULL,
  `last_activity` int(10) NOT NULL,
  `user_data` text NOT NULL,
  PRIMARY KEY (`session_id`),
  KEY `user_id` (`user_id`,`public_key`)

2.- Once I manage to fill up that info, how to check for that cookie and its values ? Should be prior or after checking if a user is logged in ?
class Main_controller extends CI_Controller {

    public $data = array();

    public function __construct()
        if ($this->session->userdata('logged_in') === TRUE)
            // ...
            // check cookie
            // ...


3.- After checking that info, I should update that cookie with new data, and update the ci_sessions table with same data as well, right ?


Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  

  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2020 MyBB Group.