[eluser]Seppo[/eluser]
If you have set the encriptation key, that's secure. You can store your session in a database and match ip and user agent for additional security, although it is not necesary.
An extra peace of advice: you can use a Model to handle login information, so you don't have to repeat that code everywhere. =)
Instead of
Code:
$this->load->library(array('session'));
if ($this->session->userdata('logged_in') != TRUE || empty($this->session->userdata('uid')))
{
redirect('', 'refresh');
}
You can use
Code:
$this->load->model('login');
$this->login->require_login();
and your model can look like this
Code:
class Login extends Model
{
function Login()
{
parent::Model();
$this->load->library('session');
}
function require_login()
{
if ($this->session->userdata('logged_in') != TRUE || empty($this->session->userdata('uid')))
{
redirect('', 'refresh');
}
}
}