flashdata not being stored between redirects when using Tank Auth

I'm using the latest version of Codeigniter and tank_auth 1.0.9 on a site I'm building.

When using set_flashdata() and flashdata() respectivly, nothing is bei开发者_StackOverflowng returned on redirect but if I set sess_use_database to FALSE in the config it works.

I've searched around and couldn't find an answer -- Has anyone else run into this issue and fixed it?

I was having the same issue and figured out the problem. If you're storing sessions in the database, it will not work.

Tank Auth runs this code from the main library ( $this->tank_auth->logout() ):

$this->delete_autologin();

// See http://codeigniter.com/forums/viewreply/662369/ as the reason for the next line
$this->ci->session->set_userdata(array('user_id' => '', 'username' => '', 'status' => ''));

$this->ci->session->sess_destroy();

Then it runs this code from the auth controller ( $this->_show_message() ):

$this->session->set_flashdata('message', $message);
redirect('/auth/');

The problem is that since sess_destroy() was run prior to setting the flashdata, there is no database row to add the flashdata to, so the flashdata never gets set.

At this point there are a few solutions:

Option 1:

Add $this->ci->session->sess_create(); immediately after $this->ci->session->sess_destroy(); in function logout() in application/libraries/Tank_auth.php

This works because you are creating a new blank session where flashdata can be stored. A potential con for this is that you are performing more operations on the database (delete+insert).

Option 2:

Comment out/delete $this->ci->session->sess_destroy(); in function logout() in application/libraries/Tank_auth.php

This works because the session is not destroyed, allowing CI to perform only an update query to add flashdata. This is probably better than option 1 unless you absolutely need to destroy the session.

Option 3:

Set $config['sess_use_database'] to FALSE.

This works because a session is automatically created when it is requested again, as opposed to how it works when you store sessions in the database. Potentially less secure.

In the end, it is up to you to decide which option is best for your application.

if tank_auth does any internal redirects then you may lose the flash data on that redirect request.

Exactly. CodeIgniter documentation specifies here: http://codeigniter.com/user_guide/libraries/sessions.html

=============================
Destroying a Session

To clear the current session:
$this->session->sess_destroy();

Note: This function should be the last one called,
    and **even flash variables will no longer be available**.
    If you only want some items destroyed and not all, use unset_userdata().
=============================

I've digged into the system/libraries/Session.php file and saving flashdata triggers the sess_write() method which only UPDATES the database as you said.

To me a better fix is checking to make sure the session exist before setting the flashdata in show_message().

function _show_message($message)
{
    // Patch for show_message() after logout(). Make sure the session exist before   set_flashdata().
    if(!$this->session->sess_read())
    {
        $this->session->sess_create();
    }
    $this->session->set_flashdata('message', $message);     
   redirect('/auth/');      
}