Understanding codeigniter sessions

Question

I'm trying to build a basic login script with codeigniter, but there's something i dont understand...

How do you initialize a session after, and only after, you've logged in?

Do you have to put $this->load->library('sessions') in every constructor in the member area?

im lost :P

Answer 1

Be careful when autoloading Codeigniter sessions, especially if you are using MySQL as the the session storage for a high load website. Apart from the obvious slowdown (eventually) read/write activities, Codeigniter will always give sessions even to bots, Google Bots in particular. Depending on your own website settings in Google Webmaster Tools, this can lead to performance degradation.

I find that the most efficient way for a session storage is Memcache. I've tried MongoDB but this can also sometimes bring more harm than good. I Open Sourced my own session management using Memcache for Codeigniter located here.

Memcache has its own internal Garbage Collector way more powerful than Codeigniter's so you won't have to worry about the size of your storage. You can simply increase the Memcache memory size if you need to. I would suggest ~4GB for a high load website with more than 100 concurrent requests/second.

Good luck!

Answer 2

The best way to do it is to create your own Controller class that extends CI_Controller.

Basically when you say:

class Controller_name extends CI_Controller {}

You would change that to

class Controller_name extends My_Controller {}

The My_Controller would do the authentication and if a page doesn't require a user to be logged in you use the standard CI_Controller class.

UPDATE:

I wrote this at work and didn't have the code examples to really show this better.

Create MY_Controller.php in /applications/core/ and use the following code.

<?php

class  MY_Controller  extends  CI_Controller  {

    function __construct() {
        parent::__construct();

        // Verify logged in status.
        if ( ! $this->session->userdata('loggedIn') ) redirect('/login');
    }
}

Then in your login controller you would set a session variable called loggedIn. I normally will make the value of this the user's ID so I can quickly reference it.

Now if you want to make any controller require that a user is logged in extend your new MY_Controller class.

<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');

class Dashboard extends MY_Controller {

    /* Your Code */

}

If the user does not have loggedIn as a session variable then they will be redirected to the login controller.

Hope this helps.

Answer 3

Put the session class into the autoloader configuration, in application/config/autoload.php:

$autoload['libraries'] = array('session' /* , ... */);

Then it's available automatically in each controller:

$session_id = $this->session->userdata('session_id');

and you can initialize the session data after (and only after!) each login.

And it's called session not sessions. so if you don't want to autoload (it does not make much sense to not autoload the session library, but anyway, do what you want), use the correct library name to make it work ;)

Answer 4

I'm a fan of using a library to handle all interaction with the session data. Add the library to your autoload config, and you can reference it as needed from anywhere in your code.

I suggest taking a look at an existing authentication library (e.g. Ion_Auth - my favorite starting point) and either build from there or decide what lessons learned can be applied to your own needs.

Answer 5

You could create a new controller class which would extend the "CI_controller". You need to name it using an "MY_" prefix and put it into "/system/application/libraries/" folder. In your custom controller's construct you start the session. If your controller needs auth, you extend the custom class, else you extend the "CI_controller" class.