How to setup persistent logins in codeigniter?

Question

I am new to the codeigniter framework and am curious as to how one goes about setting up the process to handle persistent logins. I am migrating an existing site over to codeigniter and everything is already setup as far as creating cookies, saving and updating tokens in the database, the average best practices for persistent logins.

What I'm not sure on since I'm new to codeigniter (and this will probably wind up being quite simple at least I hope so) is how to handle the check for the cookie on the users system? In the old application I had written a function called "create_user_session()" that I called at the top of every page on the site. This session checked to see if the user was logged in, if not it then checked to see if a cookie existed on the users machine and if so, used the token in the cookie to log the user in.

My question is where in codeigniter should I setup this process? I'm assuming there is a way to handle this situation without having to call a "create_user_session()" function in everyone of my controllers...at least that's what I'm hoping. Any insight into how to handle this situation is greatly appreciated! :)

*EDIT I plan on having a "session" controller that will be used to handle accessing the models needed to log the user in, out, register users, remove users, etc.

Answer 1

Assuming your "persistent login function" is just automatically logging in users who have a cookie/session, CodeIgniter's session library will handle this for you.

If you auto-load the session library, CI will update the session on each page load.

In order to check the sessions on pageload, you can put the check in the controller constructor, on the controller methods, or you can create an extended controller to do it for you across the board -- this would probably be the easiest and make the most sense.

application/core/MY_Controller.php

class MY_Controller extends CI_Controller{
    public function __construct() {
        parent::__construct();
        if($this->session->userdata('session_id') == FALSE) {
            redirect('/login');
        }
    }
}

Controllers:

auth required:

application/controllers/Whatever.php

class Whatever extends MY_Controller {

    // have to be logged in to see anything in here

}   

auth not required:

application/controllers/Login.php

class Login extends CI_Controller{

    // don't have to be logged in to see stuff here since
    // we're extending CI_Controller and not MY_Controller

}

Answer 2

Instead of checking the cookie in every controller you should create a MY_Controller.php in the core directory and let all controllers in your application extend from this controller.

This is very handy for autenthication as well as lots of other stuff that you do not want to repeat throughout your application.

For example:

file: core/MY_Controller.php

class MY_Controller extends CI__Controller {
    function construct()
    {
        parent::construct();
        create_user_session();
    }
}

then let all your controllers extend from your MY_Controller instead of CI_Controller:

class Users extends MY_Controller {
    function construct()
    {
        parent::construct();
        [...]
    }

    [...]
}