0

I have written the registration page in my CodeIgniter application. Everything works fine, and it's using the PHPass library for password hashing.

Now, I want to write the login part of the system, and was wondering how exactly I'd go about doing this with CodeIgniter. I'm mostly confused about the correct (and best practice) way of doing it. Do I just accept the users login credentials, determine if they're correct and if so, set up a session for that user? Do they need a cookie? Does that cookie need to be encrypted? Do I need to track the user in my database (CodeIgniter can do this for me) and watch for IP address changes or hostname changes?

James Dawson
  • 5,309
  • 20
  • 72
  • 126

2 Answers2

2

There are many many auth libraries but since you are a beginner I strongly believe that it's better to make something on your own (unless you are on a very strict time frame). Because, as my colleague once told me, without making a mistake you won't understand why better solution is actually better.

Back to your actual question.

Do I just accept the users login credentials, determine if they're correct and if so, set up a session for that user?

Well, yes. There is no other reasonable way to do it, is there? :)

Do they need a cookie?

Session ID is stored automatically in a cookie. You can store other options in a cookie, but have in mind that cookies can be stolen (so it's NOT a good idea to save username/cookie). Plus people use more than one device (e.g. tablet and desktop) more and more so be sensible about using cookies.

Does that cookie need to be encrypted?

I believe I answered that already.

Gediminas
  • 854
  • 8
  • 14
0

You should probably start here with this: http://codeigniter.com/wiki/Category:Libraries::Authentication and http://codeigniter.com/wiki/Category:Libraries::Authorization

From CI Wiki: Authentication is different from Authorization. Authentication answers the question “is this user who they claim to be?” Authorization answers the question “given this user, are they authorized to perform this action?”

Why don't you use one of the many CI auth libraries? How should I choose an authentication library for CodeIgniter?

You can just have a look at the CI wiki for all the particular details you are after: http://codeigniter.com/wiki/auth

Community
  • 1
  • 1
space_balls
  • 1,383
  • 2
  • 14
  • 29