Welcome Guest, Not a member yet? Register   Sign In
I need help with Sessions
#1

I am working with the latest version of CI and trying to convert an old project I inherited from CI 2.X.X.
I'm also very new with CI AND PHP but I'm learning it pretty well...

Anyway, I've posted a question on Stack Overflow regarding this very subject but I figured, why not ask the experts.

I'm attempting to redirect a user who logs in to our website based on what is read from the `Permissions` field in the data table containing their information.

I've been able to successfully redirect to the proper controller, but the problem is that as soon as the redirect is done, the Session data is lost, which tells me that's... probably *not* the way I want to be doing this.

Anyway, here's some code -

Code:
IF ($this->form_validation->run()){ //<---Form validation.
    IF (!$this->User->login( //<---Attempt to log in the user with POST data
        addslashes(strtolower($this->input->post('username', TRUE))), //<-Username
        addslashes($this->input->post('password', TRUE)), //<- Password
        $this->getIP())){ //<-IP
        /*If the login failed stuff goes here bla bla not relevant.*/
    } ELSE {
        SWITCH($this->User->stale('Permissions')){ //<- This works
            CASE 'ADMIN':
                redirect('Admin');
                BREAK;
            /*Some other stuff but not relevant*/
        }
    }

I've set a breakpoint in the Admin controller class constructor :

Code:
CLASS Admin EXTENDS CI_Controller{
    public FUNCTION __construct(){
        PARENT::__construct(); //<-This gets hit.
        $this->load->model('User_Model', 'User'); //<- So does this, but when the $_SESSION value appears in the Variables view, it only has a single value in it.
        $this->User->ID = $this->session->UserID;
        /*Some other stuff that goes here; again, not relevant.*/
    }
}

Then there's also where the session data is being set; within the `User_Model` `Login( ... )` method -

Code:
CLASS User_Model EXTENDS MY_Model{ //<----- MY_Model is just an extension of the CI_Model class that lets me use some of our Database stuff. Testing shows that it all checks out.
    public FUNCTION login($userName, $password, $IP){
        $row = $this->database->get_where('users', ARRAY('UserName' => $userName))->row_array()['UserName'];
        IF (!ISSET($row)){
            /*bla bla bad username handle it.*/
        } ELSE {
            /*Check password against username*/
            IF (/*Stuff*/) {
                /*Bla bla bad password handle it.*/
            } ELSEIF(/*check for already logged in*/){
                /*Bla bla logged in already handle it.*/
            } ELSE {
                /*Login was successful and there was much rejoicing (yaaay) handle it...*/
                /*Then I try and set the session values so that they are accessible after the redirect to the Admin controller:*/
                $this->session->UserID = $row['UserID'];
                /*and many others which aren't persisting*/
            }
        }            
}

Again, I'm pretty fresh-faced when it comes to PHP and CodeIgniter; also, I've inherited this project so a lot of what I'm working with is that from which I'm trying to learn, but the individuals responsible for the project I inherited didn't do a very good job with it... getting off track.

My initial inclination is that I am way, way, way off base with my perceived understanding of what the `$_SESSION`, `$this->session` and/or `redirect( ... )` is/are for..

So... what am I doing wrong here? I've asked a question similar to this in which Flash data wasn't persisting but I was able to resolve that because I was redirecting where I shouldn't have been a-redirecting.

So, in order to switch controllers, am I supposed to redirect here? If so, how do I persist the session data set by the login method? I've read somewhere something that suggests to me that the session data needs to be stored on a data table somewhere to be persisted, is that true?

If I'm not supposed to be redirecting in this case, how do I switch controllers after I've determined the `Permissions` state of the user after confirming their credentials?

Also - I see in the similar questions section a fairly old question that's pretty much this one. I took a look at it and noticed that I needed to adjust the Config file to handle session information, so I did. I even noticed the directory was created and there are a couple of files present (awesome). However, one file is empty (less awesome) and the other contains nothing of use (least awesome).

This is the `session_configuration` I am running -

Code:
$config['sess_driver'] = 'files';
$config['sess_cookie_name'] = 'SomethingSomething_Session';
$config['sess_expiration'] = 7200;
$config['sess_save_path'] = '/SomethingSomething_Sessions';
$config['sess_match_ip'] = FALSE;
$config['sess_time_to_update'] = 300;
$config['sess_regenerate_destroy'] = FALSE;

And the Cookies config - (not sure if this is entirely correct either).

Code:
$config['cookie_prefix']    = '';
$config['cookie_domain']    = 'localhost';
$config['cookie_path']        = '/';
$config['cookie_secure']    = FALSE;
$config['cookie_httponly']     = FALSE;

If anyone things anything else would be relevant I'll be happy to share what I can to resolve this issue.
Reply
#2

It's not immediately clear what the problem is. You seem to be using the code correctly.

Quote:I've read somewhere something that suggests to me that the session data needs to be stored on a data table somewhere to be persisted, is that true?
No, you can do that in Codeigniter, but it's not necessary. Sessions are a PHP feature that you can use with or without Codeigniter. The basic use is like this.

1.- Use the PHP command session_start() to start the session.
2.- Store data like this: $_SESSION['variable_name'] = 'data'
3.- Go to a different page or refresh same page, which reloads everything
3.- Access the data like this: $x = $_SESSION['variable_name']

As long as you don't close the browser, the data should persist from page to page until you change it or forget to start the session. If you don't start the session, the $_SESSION array won't be created. However, the Codeigniter session library is supposed to start the session just by loading it, so I don't think the problem is that the session isn't starting (plus you would get some kind of warning if you tried to save data to a session when no sessions were open).

Your general approach is fine. If the user is not logged in, you redirect to the login page. After a successful login, you redirect to the application.

You mentioned setting a breakpoint. I think you're going to have to narrow down what's gong on, by inspecting values before they go into the session, and then confirming that they're there.

I suppose it's possible that your PHP environment does not, for whatever reason, support sessions. This is easy to verify with two PHP files.
PHP Code:
put.php
<?php
  session_start
();
 
 $_SESSION['x'] = 'y';

get.php
<?php
  session_start
();
 
 echo $_SESSION['x']; 


Sorry I can't do more than explain how sessions work. I don't see why your code doesn't work.
Hey, don't work without a PHP debugger. Several free IDEs have this features built in. Two are NetBeans and CodeLobster. Without a debugger, it's like you're driving with a blindfold on -- you are going to crash!
Reply




Theme © iAndrew 2016 - Forum software by © MyBB