CodeIgniter Session Class

2 comments | Posted: 30 June 08 in Tutorials, by Yannick Lyn Fatt

In this tutorial we are going to take a look at the CodeIgniter Session Class, another core library that comes with CodeIgniter. From the CI Session class documentation:

The Session class permits you maintain a user’s “state” and track their activity while they browse your site.

An interesting point to note is that CI does not use PHP’s native session functions. Instead, CI generates its own session data, which they say offers more flexibility to developers.

Today, we will be building a simple application which we will call “MyCoolBibleApp” and I’ll demonstrate the usage of the Session class to store and retrieve data and also introduce Flashdata. Flashdata is simply session data that you only need for a single server request. Once that request is complete the flashdata is removed. Persons familiar with Ruby on Rails may know this as a ‘Flash message’.

Initial Setup

To begin, get the latest version of CodeIgniter. At the time of this tutorial, CI 1.6.3 is the latest. Copy the files to a folder on your webserver and call it ‘bibleapp’. Next, let us make a few changes to the config.php and autoload.php files. In config.php we need to tell CI the base URL of our application.

$config['base_url']	= "http://localhost/bibleapp/";

and in autoload.php, we will autoload the ‘Session Class’ and the ‘URL’ and ‘Form’ helpers:

$autoload['libraries'] = array('session');
$autoload['helper'] = array('form', 'url');

If you don’t want to autoload the session class, you can instantiate it in your controllers as follows:

$this->load->library('session');

Now that we have the initial setup complete, let’s move on to creating our controllers.

Controllers

For this tutorial we will only be needing two controllers. One for Login/Logout and the other to represent requests to the Dashboard of the application. Let us first look at the Login controller. Create a new controller called ‘login.php’ and place it in your system/application/controllers folder. The code should look like this:

<?php
class Login extends Controller {

	function Login()
	{
		parent::Controller();	
	}

	function index()
	{
	    if ($this->session->userdata('logged_in') == TRUE)
	    {
	        redirect('dashboard/index');
	    }

	    $data['title'] = 'MyCoolBibleApp';
	    $data['username'] = array('id' => 'username', 'name' => 'username');
	    $data['password'] = array('id' => 'password', 'name' => 'password');	        
	    $this->load->view('login', $data);
	}

	function process_login()
	{
	    $username = $this->input->post('username');    
	    $password  = $this->input->post('password');

	    if ($username == 'James' AND $password == 'James1:12')
	    {
	        $data = array(
	            'username'  => $username,
	            'logged_in' => TRUE
	        );

	        $this->session->set_userdata($data);

	        redirect('dashboard/index');
	    } 
	    else 
	    {
	        $this->session->set_flashdata('message', '<div id="message">Oopsie, it seems your username or password is incorrect, please try again.</div>');
	        redirect('login/index');
	    }
	}

	function logout()
	{
	    $this->session->sess_destroy();

	    redirect('login/index');
	}
}
?>

Let’s break that down. First you may notice we have three (3) methods, index(), process_login() and logout(). The index() method will contain our login form, process_login() will handle and process the login attempt and logout() will take care of logging the user out of the application.

The index() method checks a session variable called logged_in to see if it is set to TRUE. If it is, then we are already logged in and can proceed to the dashboard of the application. However, if it is FALSE, it continues and displays the login form.

In process_login(), we get the username and password typed in by the user and check whether they match the ones we’ve hard-coded into our application. Usually you would check a database; however, since this is just a simple example, we’ll stick with the hard-coded values. If the username and password are correct, we add some data to our session array and then redirect the user to the dashboard.

$data = array(
    'username'  => $username,
    'logged_in' => TRUE
);

$this->session->set_userdata($data);

The above code is what stores our session data. Here we store the username of the user and also assign TRUE to our logged_in variable so that the application knows that we have successfully logged in. The else branch, in turn, sets the Flashdata, which is used to display a message to the user if the username or password is incorrect:

$this->session->set_flashdata('message', '<div id="message">Oopsie, it seems your username or password is incorrect, please try again.</div>');

Note that the first parameter, ‘message’, is simply a key (or name) that we can use later to identify and retrieve the Flashdata in our views. Also note that while I’ve used Flashdata in this case to display an error message at logon, it is typically used for status messages such as ‘Record 2 deleted’ or ‘Verse successfully added’.

The last method in our Login controller is logout(). This method simply destroys the current session, thus, logging the user out of the application.

Next we create the Dashboard controller ‘dashboard.php’ again in our system/application/controllers/ folder. The code should be as follows:

<?php
class Dashboard extends Controller {

	function Dashboard()
	{
		parent::Controller();	
	}

	function index()
	{
	    if ($this->session->userdata('logged_in') != TRUE)
	    {
	        redirect('login/index');
	    }

	    $data['title']  = 'Dashboard | MyCoolBibleApp';    
	    $this->load->view('dashboard', $data);
	}
}
?>

This controller is pretty straightforward, as we only have a single method called ‘index()’. All this method does is check whether the user is logged in, using the logged_in session variable we set earlier in our Login class. If that variable is not equal to TRUE, the user is redirected to the login page; otherwise, the dashboard for the application is displayed.
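The dashboard check trusts whatever logged_in value arrives with the session, and the CI Session class of this era keeps session data in a cookie on the browser (serialized, and encrypted only when `sess_encrypt_cookie` is enabled). As an added example, not part of the tutorial or of CodeIgniter itself, here is the general technique of authenticating such a cookie with an HMAC; `seal_session()`, `open_session()` and the key are hypothetical, and PHP 5.6+ is assumed for `hash_equals()`.

```php
<?php
// Added example, not CodeIgniter's own code: authenticate a cookie-held
// session payload with an HMAC so an altered 'logged_in' value is rejected.
// seal_session(), open_session() and the key below are hypothetical.

function seal_session(array $data, $key)
{
    // JSON rather than serialize(): decoding never instantiates objects.
    $payload = base64_encode(json_encode($data));
    return $payload . '.' . hash_hmac('sha256', $payload, $key);
}

function open_session($cookie, $key)
{
    if (!is_string($cookie) || substr_count($cookie, '.') !== 1) {
        return FALSE;
    }
    list($payload, $mac) = explode('.', $cookie);

    // Recompute the MAC and compare in constant time before decoding.
    if (!hash_equals(hash_hmac('sha256', $payload, $key), $mac)) {
        return FALSE;
    }

    $data = json_decode(base64_decode($payload, TRUE), TRUE);
    return is_array($data) ? $data : FALSE;
}

// Constructed sample values; a real key is long, random and kept server-side.
$key    = 'constructed-demo-key';
$cookie = seal_session(array('username' => 'James', 'logged_in' => TRUE), $key);

// Case 1: the cookie comes back unchanged.
$session = open_session($cookie, $key);
var_dump(is_array($session) && $session['logged_in'] === TRUE);

// Case 2: the payload is swapped but the original MAC is reused.
list(, $mac) = explode('.', $cookie);
$swapped = base64_encode(json_encode(array('username' => 'Peter', 'logged_in' => TRUE)));
var_dump(open_session($swapped . '.' . $mac, $key));

// Case 3: no cookie at all, as on a first visit.
var_dump(open_session('', $key));
```

In terms of the Dashboard controller, a FALSE result from `open_session()` corresponds to the redirect to login/index.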

With our controllers now complete, let us create our views. This is what the user will see when they use our application.

Views

As the views are basically just (x)HTML with a few functions from the CI Form and URL helpers (which have been discussed in the Introduction to CodeIgniter series), I won’t go into too much detail. Also note that both the ‘header.php’ and ‘footer.php’ views just contain the HTML code that would be common to all pages in the application (which can be found in the sample code available for this tutorial).

Our login.php view is as follows:

<?php echo $this->load->view('header'); ?>
<?php echo form_open('login/process_login') . "\n"; ?>
    <?php echo form_fieldset('Login') . "\n"; ?>

        <?php echo $this->session->flashdata('message'); ?>

        <p><label for="username">Username: </label><?php echo form_input($username); ?></p>
        <p><label for="password">Password: </label><?php echo form_password($password); ?></p>
        <p><?php echo form_submit('login', 'Login'); ?></p>
    <?php echo form_fieldset_close(); ?>
<?php echo form_close(); ?>
<?php echo $this->load->view('footer'); ?>

The only thing new here is how we retrieve our session flashdata. As you may recall, if the user’s login credentials are incorrect they are sent back to the login page and a message is displayed letting them know what went wrong. To retrieve that session flashdata, CI uses the following:

$this->session->flashdata('message');

The key ‘message’ here represents the key which was assigned to the flashdata in our Login controller.

Our dashboard.php view is as follows:

<?php echo $this->load->view('header'); ?>
    <h3>Current Memory Verse <span>08.04.2008</span></h3>
    <blockquote>&ldquo;Blessed is the man who perseveres under trial, because when he has stood the test, he will receive the crown of life that God has promised to those who love him.&rdquo;</blockquote>
    <p><a href="http://www.biblegateway.com/passage/?search=James%201:12;&version=31;" class="bibleref">James 1:12</a> <acronym title="New International Version">NIV</acronym></p>

    <p><img src="<?php echo base_url(); ?>images/bible.jpg" alt="Bible" /></p>

    <h4>Previous Verses</h4>
    <dl id="archives">
        <dt>31.03.2008</dt><dd><a href="http://www.biblegateway.com/passage/?version=31&search=1%20John%203:16" class="bibleref">1 John 3:16</a></dd>
        <dt>24.03.2008</dt><dd><a href="http://www.biblegateway.com/passage/?book_id=5&chapter=9&verse=19&version=31" class="bibleref">Deuteronomy 9:19</a></dd>
        <dt>17.04.2008</dt><dd><a href="http://www.biblegateway.com/passage/?search=Psalm+37%3A7&version=31" class="bibleref">Psalm 37:7</a></dd>
        <dt>10.04.2008</dt><dd><a href="http://www.biblegateway.com/passage/?search=John+12%3A46&version=31" class="bibleref">John 12:46</a></dd>
        <dt>03.04.2008</dt><dd><a href="http://www.biblegateway.com/passage/?search=Exodus+20%3A2-3&version=31" class="bibleref">Exodus 20:2-3</a></dd>
    </dl>
<?php echo $this->load->view('footer'); ?>

Again this is pretty easy to follow. The only thing new is how we retrieve and display the username of the user who just signed in. We do this by using the following:

$this->session->userdata('username');

Now that our views are complete, let us give our application a try.

Running the Application

To run the application, open your browser and visit the URL of the application. You might remember that we had set the base URL in our configuration earlier. So head to that address:

http://localhost/bibleapp/

You should see the standard welcome page that comes with CI. As we want our login page to show up by default, we have to change the default controller used by our application. To do this open ‘routes.php’ located in system/application/config/ and change $route['default_controller'] to the following:

$route['default_controller'] = "login";

Now if you visit the above URL again you should see your login form.

Next try to login. Enter an incorrect username and password so we can see the flashdata display our error message. The following message should show up:

Oopsie, it seems your username or password is incorrect, please try again.

Now try entering the correct username and password. In the case of this application we hard coded the credentials to be username ‘James’ and password ‘James1:12’ (without the quotes). In a real application you would of course allow the user to have their own username and password and probably check their credentials in a database.
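As an added example (not part of the tutorial's code), this is one way to replace the hard-coded comparison with a check against stored password hashes. `check_credentials()` and the `$users` array, which stands in for a database table, are hypothetical, and PHP 5.5+ is assumed for `password_hash()` and `password_verify()`.

```php
<?php
// Added example, not from the tutorial: check a login against stored password
// hashes instead of a hard-coded plaintext pair. check_credentials() and the
// $users array (standing in for a database table) are hypothetical.

function check_credentials($username, $password, array $users)
{
    // Hash of a throwaway value, verified when the user is unknown so both
    // paths do comparable work and the response does not reveal valid names.
    static $dummy_hash = NULL;
    if ($dummy_hash === NULL) {
        $dummy_hash = password_hash('placeholder', PASSWORD_DEFAULT);
    }

    if (!is_string($username) || !is_string($password)) {
        return FALSE;   // $this->input->post() returns FALSE for a missing field
    }

    $known = isset($users[$username]);
    $hash  = $known ? $users[$username] : $dummy_hash;

    // password_verify() re-derives the hash and compares in constant time.
    return password_verify($password, $hash) && $known;
}

// Constructed user store; a real application would hash at registration time.
$users = array('James' => password_hash('James1:12', PASSWORD_DEFAULT));

var_dump(check_credentials('James', 'James1:12', $users));  // correct pair
var_dump(check_credentials('James', 'james1:12', $users));  // wrong password
var_dump(check_credentials('Peter', 'James1:12', $users));  // unknown user
var_dump(check_credentials(FALSE, FALSE, $users));          // fields missing from POST
```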

If all goes well you should now see the application dashboard, displaying a picture of the user, the username, current memory verse and some previous verses. Pretty cool huh?

Before we close this tutorial, log out of the application using the Log out link and you should be sent back to the login page and the session data should now be removed. If you then attempt to go directly to the dashboard without logging in again, it will send you back to the login screen.

Summary

So what have we learnt today? We learnt how to build a simple application that stores and retrieves session data using CI’s Session Class. We also used flashdata to display a message to the user if an incorrect username or password was entered on the login page.

While we didn’t cover storing session data in a database in this tutorial, it is certainly worth looking into, and you can read more about doing this in the CI Session class documentation.

I hope you found this tutorial helpful. Peace and God bless.

The code for this tutorial is also available for download: codeigniter-bibleapp.zip

Discuss This Topic

  1. zimco

    Another great CodeIgniter tutorial, but how about an advanced version: storing the session in a database?

    I’ve read the CI-session class documentation and don’t get how to implement the session in a database. It would be great if you could show how this is done—the next step for security, so-to-speak, based on your above tutorial.

     
  2. Yannick

    Zimco: I’ll see if I can do a Part 2 tutorial to show the use of the Session Class with a database.

     
