CodeIgniter-Aauth icon indicating copy to clipboard operation
CodeIgniter-Aauth copied to clipboard

Published 20 hours ago verified publisher icon emreakay

Unspecific session variable names for user

Open perenstrom opened this issue 7 years ago • 4 comments

The user data of the logged in user is set to a session in the login function. But these variables seem too unspecific. Just having the user id as $_SESSION['id'] seems it could be in the risk for being overridden by something else with an id that it wants to save in the session.

// create session
$data = array(
    'id' => $row->id,
    'username' => $row->username,
    'email' => $row->email,
    'loggedin' => TRUE
);

$this->CI->session->set_userdata($data);

A better way seems to me to be to store all these variables in an user-array and save that in the session. This is easily done by just adding one small thing in the session saving. Something like this:

// create session
$data = array(
    'id' => $row->id,
    'username' => $row->username,
    'email' => $row->email,
    'loggedin' => TRUE
);

$this->CI->session->set_userdata('user', $data);

This would result in the user data being available from $_SESSION['user']['id'] etc.

perenstrom avatar Oct 08 '16 13:10 perenstrom

Thats a good idead, but i would not add this in v2 this could break some custom created functions from users.

REJack avatar Oct 08 '16 18:10 REJack

Sounds reasonable!

perenstrom avatar Oct 09 '16 17:10 perenstrom

Really good idea 👍

emreakay avatar Oct 25 '16 10:10 emreakay

i agree sounds better

kelvinchingoma avatar Nov 24 '16 05:11 kelvinchingoma