[eluser]cPage[/eluser]
Well, a couple of things brings together and boom CI session stop running, however i noticed that its important to put this code into each controller constructor for the pages you want to protect from the back button of the browser :
Quote:Mmm , can i just put it in the view ? I dont know but its working now!
Code:
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); // Date in the past
header('Last-Modified: '.gmdate('D, d M Y H:i:s') . 'GMT');
header('Cache-Control: no-store, no-cache, must-revalidate'); // HTTP/1.1
header('Cache-Control: post-check=0, pre-check=0', false );
header('Pragma: no-cache');
From the login form of welcome.php , i was calling
controller/login . From login i was using the user_model for the test and If it was successful it goes back to welcome.php and the login form become
connected as.... Right, no problem with that.
The problem was the logout. I was calling
controller/users/logout with a redirection and then another redirection in the
libraries/common.php function logout(); so sessions was duplicate and the last session never destroy. Clearly it was :
Code:
//-- Bad way
redirect('logout');
redirect('welcome');
Finally , from any of controllers to users/logout redirection was a very bad idea.
I ve finished with this clean login :
Code:
class Login extends CI_Controller
{
function __construct()
{
parent::__construct();
}
public function index()
{
$post = $this->input->post();
if( isset($post['email']) && ! empty($post['email']) && isset($post['pwd']) && ! empty($post['pwd']))
{
$query = $this->user_model->check_user($post['email'],$post['pwd']);
if ($query->num_rows() > 0)
{
$row = $query->row_array();
unset($row['pwd']);
$row['logged_in'] = TRUE;
$this->session->set_userdata($row);
}
redirect(base_url(), 'refresh');
exit;
}
else
{
$this->common->logout();
}
}
}
/* Location: ./application/controllers/login.php */
And this clean Common class
Code:
<?php
/*
-- Common functions
*/
class Common
{
private $ci;
public function __construct()
{
$this->ci =& get_instance();
}
public function logout()
{
$this->ci->session->sess_destroy();
redirect(base_url(),'refresh');
exit;
}
public function user_logged_in()
{
return (isset($this->ci->session->userdata['logged_in']) && $this->ci->session->userdata['logged_in']) ? TRUE : FALSE;
}
public function set_message($class,$message)
{
$string = '<div class="'.$class.'">'.$message.'</div>';
$this->ci->session->set_userdata('message',htmlentities($string,ENT_COMPAT,"UTF-8"));
}
public function get_message()
{
return html_entity_decode($this->ci->session->userdata('message'),ENT_COMPAT,"UTF-8");
}
public function theme_url()
{
return $this->ci->config->item('theme_url');
}
}
/* Location: ./application/libraries/common.php */
And by adding those lines to each controller constructor
except the controller/login wich is build to validate the input not the userdata['logged_in']
Code:
if( !$this->common->user_logged_in() )
{
$this->common->logout();
}
edit
Almost forgot, the link for the logout anywhere in your nav view:
Code:
<a href="<?=site_url('login')?>" class="navbar-link">Logout</a>
Yes , its not an error , this link to the login with empty input
Hope this is clear and this will help some other people.
<em>p.s english is not my native language</em>