Codeigniter Session returning 310 redirect

1
votes

I have a callback function that checks my login details are correct - If they are wrong it returns an error (this is working fine). If the details are correct it should set the session $this->session->set_userdata('logged_in',TRUE); and then continue with the function login and be redirected to the dashboard - This redirect works fine.

In my function index(){} on any dashboard pages have the line

if($this->session->userdata('logged_in')) redirect('dashboard/home');

The line above is the one that is causing my 310 redirect but I am unsure why?

I am wanting to check if the user is logged in redirect to dashboard/home else go back to the login page home/login

Controller:

class Home extends CI_Controller {

    function __construct() {
            parent::__construct();
        }    

    public function index()
    {
        //if($this->session->userdata('logged_in')) redirect('dashboard/home');

        $data['contentMangement'] = $this->options_model->systemOptions();
        $data['pageTitle'] = 'Login';
        $data['message'] = "";
        $this->load->view('_assets/header', $data);
        $this->load->view('login', $data);
        $this->load->view('_assets/footer');
    }

    public function login() {
          $this->form_validation->set_rules('userEmail','Username', 'required|valid_email|trim|max_length[99]|xss_clean');
            $this->form_validation->set_rules('userPassword','Password', 'required|trim|max_length[200]|xss_clean|callback__checkUsernamePassword');

            if($this->form_validation->run() === FALSE) {

                $data['contentMangement'] = $this->options_model->systemOptions();
                $data['pageTitle'] = 'Login';
                $data['message'] = validation_errors('<div class="alert alert-error">', '</div>');
                $this->load->view('_assets/header', $data);
                $this->load->view('login', $data);
                $this->load->view('_assets/footer');

            }elseif($this->form_validation->run() === TRUE){

            redirect('dashboard/home');
        }
    }


    function _checkUsernamePassword() {

            $username = $this->input->post('userEmail');
            $password = $this->input->post('userPassword');

            $user = $this->user_model->check_login($username,$password);

            if(! $user)
            {
                $this->form_validation->set_message('_checkUsernamePassword', 'Sorry the details you provided have not been found');
                return FALSE;
            }else{
                 $this->session->set_userdata('logged_in',TRUE);
                return TRUE;
            }   
    }
}
2
phpcodeignitersessionredirect
Can we see the validating code on dashboard/home?MikeCruz13
@MikeCruz13 The login validation? I dont have any validation code for dashboard/home its just the viewJess McKenzie
Could you post your controller too. My answer might have been wrong depending on what your controller looks like.xbonez
@xbonez I have posted the whole controller :)Jess McKenzie
@JessMcKenzie: Ok, in that case, my answer was correct. I'm undeleting it.xbonez

2 Answers

1
votes

Here's what's happening.

Assume, I login correctly, in your login controller, you set logged_in = TRUE, and redirect me to dashboard/home. In the index() function at dashboard/home, if logged_in = TRUE (which it is) you redirect me to dashboard/home again. Once again, you check logged_in = TRUE, and redirect me again, and so on and so forth.

This is causing an infinite redirection loop which causes the 310 Error (Too many redirects).

You'll need to rework your login check. In index() in dashboard/home, do this:

if ($this->session->userdata('logged_in') === FALSE) redirect(site_url('dashboard/login'));

Now, when I visit dashboard home, you only redirect me away if I'm not logged in. This protects your dashboard home against non-authenticated users, while not throwing authenticated users into an infinite loop.

0
votes

I think you first should create a MY_Controller to do that, what if one day you decide to change your session variable name from logged_in to logged? Will you open all your controllers and change its sessions?

Creating a MY_Controller you will make all other controllers, like Home_Controller extend the MY_Controller, like:

class Home extends MY_Controller
{
    public function __construct()
    {
        parent::__construct();
    }
}

Your MY_Controller:

//under /application/core/
class MY_Controller extends Controller
{
  public function __construct()
  {
    parent::__construct();
    if(!$this->session->userdata('logged_in'))
       redirect('login');
  }
}

Of course that on your Login_Controller you will extend Controller and not MY_Controller or you'll be on a infinite loop.