I’m setting a session data for users when they log to my website.
So if the user exists in db i set a session data like : $this->session->set_userdata('user_exists','1');
Now every time i want to check if user exists & is logged i do:
if($this->session->userdata('user_exists')){ //do somenthing for logged user}Now i’m wondering if this means that user is logged & exists in db since he logged & i setted him a session param, is this true? Or i’ll obtain security problems?
NB: i’m using session database
thanks
//session encryption is mandatory
$sess_id = $this->session->userdata('user_id'); if(!empty($sess_id)) { redirect(site_url().'/reports'); }else{ $this->session->set_userdata(array('msg'=>'')); //load the login page $this->load->view('login/index'); } 
No comments:
Post a Comment