问题
I'm trying to set session data for users when they log in to my website.
So if the user exists in db, I set a session data like : $this->session->set_userdata('user_exists','1');
Now every time i want to check if user exists and is logged i do:
if($this->session->userdata('user_exists')){
//do somenthing for logged user
}
Now I'm wondering if this means that user is logged and exists in the database since he logged and I set him a session param, is this true? Or I'll get security problems?
NB: I'm using session database
回答1:
//session encryption is mandatory
$sess_id = $this->session->userdata('user_id');
if(!empty($sess_id))
{
redirect(site_url().'/reports');
}else{
$this->session->set_userdata(array('msg'=>''));
//load the login page
$this->load->view('login/index');
}
来源:https://stackoverflow.com/questions/17543509/codeigniter-check-if-user-is-logged-and-exists-its-a-real-user