$this->ci->session->sess_destroy() AGAIN!
#1

[eluser]cPage[/eluser]
Simply not accurate. By logging out with a user and logging in with another, the session of the second is undestroyable. Tested on the same computer with 2 different users. It will be fine only if I clear all history and cookies in the browser. Is there a better way to destroy a session?

edit

I finally got a solid solution.
#2

[eluser]Aken[/eluser]
Okay, so maybe you could explain the code that caused the problem, and your solution?
#3

[eluser]cPage[/eluser]
Well, a couple of things came together and boom, the CI session stopped running. However, I noticed that it's important to put this code into each controller constructor for the pages you want to protect from the back button of the browser:

Quote: Mmm, can I just put it in the view? I don't know, but it's working now!

Code:
header('Expires: Mon, 26 Jul 1997 05:00:00 GMT'); // Date in the past
header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT'); // Always modified just now
header('Cache-Control: no-store, no-cache, must-revalidate'); // HTTP/1.1
header('Cache-Control: post-check=0, pre-check=0', false); // Appended, not replaced
header('Pragma: no-cache'); // HTTP/1.0

From the login form of welcome.php, I was calling controller/login. From login I was using the user_model for the test, and if it was successful it goes back to welcome.php and the login form becomes connected as.... Right, no problem with that.

The problem was the logout. I was calling controller/users/logout with a redirection and then another redirection in the libraries/common.php function logout(); so sessions were duplicated and the last session was never destroyed. Clearly it was:
Code:
//-- Bad way
redirect('logout');
redirect('welcome');
Finally, redirecting from any of the controllers to users/logout was a very bad idea.

I've finished with this clean login:

Code:
class Login extends CI_Controller
{
    function __construct()
    {
        parent::__construct();
    }

    // Handles the login form POST; a request without credentials logs the user out
    public function index()
    {
        $post = $this->input->post();
        if (isset($post['email']) && ! empty($post['email']) && isset($post['pwd']) && ! empty($post['pwd']))
        {
            // Look the user up by e-mail and password
            $query = $this->user_model->check_user($post['email'], $post['pwd']);
            if ($query->num_rows() > 0)
            {
                $row = $query->row_array();
                unset($row['pwd']); // Do not keep the password in the session
                $row['logged_in'] = TRUE;
                $this->session->set_userdata($row);
            }
            // Back to the welcome page whether or not the login succeeded
            redirect(base_url(), 'refresh');
            exit;
        }
        else
        {
            // Empty input: this is the path the Logout link takes
            $this->common->logout();
        }
    }
}
/* Location: ./application/controllers/login.php */


And this clean Common class

Code:
<?php
/*
-- Common functions
*/
class Common
{
    private $ci;

    public function __construct()
    {
        // Reference to the CodeIgniter super object
        $this->ci =& get_instance();
    }

    // Destroy the session, then send the browser back to the welcome page
    public function logout()
    {
        $this->ci->session->sess_destroy();
        redirect(base_url(), 'refresh');
        exit;
    }

    // TRUE only when the session carries a truthy logged_in flag
    public function user_logged_in()
    {
        return (isset($this->ci->session->userdata['logged_in']) && $this->ci->session->userdata['logged_in']) ? TRUE : FALSE;
    }

    // Store a message in the session, wrapped in a div and entity-encoded
    public function set_message($class, $message)
    {
        $string = '<div class="'.$class.'">'.$message.'</div>';
        $this->ci->session->set_userdata('message', htmlentities($string, ENT_COMPAT, "UTF-8"));
    }

    // Decode the stored message back to HTML; $message itself is never escaped,
    // so only trusted text should be passed to set_message()
    public function get_message()
    {
        return html_entity_decode($this->ci->session->userdata('message'), ENT_COMPAT, "UTF-8");
    }

    public function theme_url()
    {
        return $this->ci->config->item('theme_url');
    }
}
/* Location: ./application/libraries/common.php */

And by adding those lines to each controller constructor except the controller/login, which is built to validate the input, not the userdata['logged_in']:

Code:
if ( ! $this->common->user_logged_in())
{
    $this->common->logout();
}

edit
Almost forgot, the link for the logout anywhere in your nav view:

Code:
<a href="<?=site_url('login')?>" class="navbar-link">Logout</a>

Yes, it's not an error, this links to the login with empty input ;)

Hope this is clear and this will help some other people.

P.S. English is not my native language.
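
The per-controller steps from the last post (the cache headers plus the logged_in check) collected in one base controller, as an added example that is not part of the original post. It assumes a CodeIgniter application with the session library, the url helper and the poster's Common library autoloaded; the Account controller and its view are hypothetical.

```php
<?php
// application/core/MY_Controller.php
// Added example, not the poster's code. CodeIgniter loads this file
// automatically when the subclass_prefix setting is left at 'MY_'.
class MY_Controller extends CI_Controller
{
    public function __construct()
    {
        parent::__construct();

        // The same anti-cache headers as in the post, queued through CI's
        // Output class so every protected page sends them. With these set,
        // the back button after logout triggers a new request instead of
        // showing a cached copy of the page.
        $this->output->set_header('Expires: Mon, 26 Jul 1997 05:00:00 GMT');
        $this->output->set_header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
        $this->output->set_header('Cache-Control: no-store, no-cache, must-revalidate');
        $this->output->set_header('Cache-Control: post-check=0, pre-check=0', FALSE);
        $this->output->set_header('Pragma: no-cache');

        // The headers only stop the browser from reusing old pages. Access
        // itself is decided by this server-side check, which runs on every
        // request: no logged_in flag means destroy the session and redirect.
        if ( ! $this->common->user_logged_in())
        {
            $this->common->logout();
        }
    }
}

// application/controllers/account.php (hypothetical protected page)
// Extending MY_Controller replaces the lines pasted into each constructor.
class Account extends MY_Controller
{
    public function index()
    {
        // Reached only when user_logged_in() returned TRUE
        $this->load->view('account');
    }
}
```

The welcome and login controllers keep extending CI_Controller, otherwise the redirect inside logout() would send a logged-out visitor in a loop.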
