Hey there, let’s tackle that session loss issue you’re hitting after logging in and redirecting to the index page. I’ve gone through your controller code and spotted several potential culprits—here’s a step-by-step breakdown to get things working:

1. Fix Session Data Access in Your Controller #

First up, CodeIgniter 3 doesn’t let you access session data directly as object properties (like $this->session->sec_id). You need to use the userdata() method to retrieve values. This is almost certainly why you’re getting null for sec_id in your index method.

Code Changes Needed: #

• In your secretariatLogin() method, update the session check:

  // Old code
  if ($this->session->isSecretariat){
  // Fixed code
  if ($this->session->userdata('isSecretariat')){
  }
  

• In your index() method, correct how you fetch sec_id:

  // Old code
  $id = $this->session->sec_id;
  // Fixed code
  $id = $this->session->userdata('sec_id');
  

• Also, fix the user null check in signin()—your current logic has a priority issue that might lead to incorrect evaluations:

  // Old code
  if(!$user == null){
  // Fixed code
  if($user !== null){
  }
  

2. Verify Your Session Configuration #

Most session loss issues in CI3 boil down to misconfigured settings in application/config/config.php. Double-check these key values:

• Session Driver: Avoid the cookie driver (it stores data client-side with size limits). Use files or database for reliability:

  $config['sess_driver'] = 'files'; // or 'database'
  

• Save Path (for files driver): Ensure the path exists and has write permissions (chmod 700):

  $config['sess_save_path'] = APPPATH . 'cache/sessions/';
  

• Cookie Settings: These are critical for session persistence across redirects:

  $config['cookie_prefix']    = 'pacsa_';
  $config['cookie_domain']    = ''; // Use '.yourdomain.com' for production (supports subdomains)
  $config['cookie_path']      = '/'; // Covers your entire site
  $config['cookie_secure']    = FALSE; // Set to TRUE if using HTTPS in production
  $config['cookie_httponly']  = TRUE;
  

• IP Matching: Disable this temporarily to rule out IP-related session invalidation:

  $config['sess_match_ip'] = FALSE;
  

3. Check for CSRF Protection Conflicts #

If you’ve enabled CSRF protection in CI, your login form must include the CSRF token. Without it, the login request might be rejected, and your session data won’t be saved.

Add this hidden field inside your login form in secretariatLogin.php:

<?php echo form_hidden($this->security->get_csrf_token_name(), $this->security->get_csrf_hash()); ?>

4. Ensure Session Library is Loaded Correctly #

While you’re loading the session library in your controller’s constructor, it’s more reliable to autoload it site-wide. Edit application/config/autoload.php:

$autoload['libraries'] = array('session');

This ensures the session is initialized consistently across all controllers.

Final Testing Steps #

1. Clear your browser’s cookies and cache before testing.
2. After logging in, use var_dump($this->session->userdata()) in the index method to see all stored session data—this will confirm if the values are being saved at all.
3. If using the files driver, check the session files in your save path to verify they’re being created.

内容的提问来源于stack exchange，提问作者Kyle Cipriano