Session / Login help |
[eluser]gbd_dee[/eluser]
Im new to CI. I want to restrict views to logged in members of my site. Im currently using session class but not sure if its working correctly. When I destroy the session I still have access to restricted content. Can someone go into detail on how I would code this correctly. Every user has a profile page (only the logged in user can access its own person profile information/page) Profile controller Basically I want to only allow a session to be active for 30 minutes without activity, if a window or tab is closed I want the user to have to login again. I need a code snippet that I add to every view that I want protect from non logged in members. Thanks in advance
[eluser]Aken[/eluser]
You're probably checking if a session_id exists on your protected pages. A session_id will ALWAYS exist - it's what assigns a session to a user. You need to add your own userdata that says whether they're logged in or not, and check that.
[eluser]gbd_dee[/eluser]
This is the code snippet that I have at the top of my restricted views Code: if(!$this->session->userdata('user_email')==$email) if I destroy the session is will still let me access restricted content
[eluser]InsiteFX[/eluser]
Because you need also to unset the session userdata! Code: $this->session->unset_userdata('some_name');
[eluser]Stefan Hueg[/eluser]
This won't work because you can not set a redirect in your view. This has to be done in your controller in any restricted function OR if your whole controller should be protected, in your controller's __construct(){...}
[eluser]gbd_dee[/eluser]
This still isnt working Code: class Profile extends CI_Controller {
[eluser]Stefan Hueg[/eluser]
I believe InsiteFX's post has misdirected you, here is the solution: Code: public function login() Your function name is misleading, it should be something like is_logged_in() to make things clear.
[eluser]InsiteFX[/eluser]
Code: class Profile extends CI_Controller { Your code that you are showing doe's not really make any since! @stefan Hueg, And how do you figure I have missed directed him? If you do not unset the session userdata it will still exist, because there is no telling when the garbage collector will clear out the session! Look at your session table and tell me how many sessions you have left in it...
[eluser]gbd_dee[/eluser]
So I did some restructuring I have a login and logout controller (2 separate controllers) here is my login controller Code: <?php |
Welcome Guest, Not a member yet? Register Sign In |