I have implemented a basic login system using CodeIgniter. I am using the sessions library to control access to a members only section. I can log in and view this area no problem. However when I delete my cookies and refresh the members only section page I can still see the content. I am not displaying a login message to the user.

I don't know why this is happening. Any ideas?

This is my Site.php controller

class Site extends CI_Controller{

function _construct(){
    parent::_construct();
    $this->is_logged_in();
}

function members_area(){
    $this->load->view('members_area');
}

function is_logged_in(){
    $is_logged_in = $this->session->userdata('is_logged_in');
    if(!isset($is_logged_in) || $is_logged_in != true){
        echo 'You need to login to access this page. <a href="../login">Login</a>';
        die();
}

} }

This is my login.php Controller

class Login extends CI_Controller{
function index(){
    $data['main_content'] = 'login_form';
    $this->load->view('includes/template', $data);
}


function validate_credentials(){
    $this->load->model('membership_model');
    $query = $this->membership_model->validate();
    if($query){//if credentials validated
        $data = array(
            'username' => $this->input->post('username'),
            'is_logged_in' => true
            );

        $this->session->set_userdata($data);
        redirect('site/members_area');
    }

    else{//If not validated re load login form
        $this->index();
    }
}

function signup(){
    $data['main_content'] = 'signup_form';
    $this->load->view('includes/template', $data);

}

function create_member(){
    $this->load->library('form_validation');
    //field name, error message, validation rules
    $this->form_validation->set_rules('first_name', 'Name', 'trim|required');
    $this->form_validation->set_rules('last_name', 'Last Name', 'trim|required');
    $this->form_validation->set_rules('email_address', 'Email Address', 'trim|required|valid_email');
    $this->form_validation->set_rules('username', 'Username', 'trim|required|min_length[4]');
    $this->form_validation->set_rules('password', 'Password', 'trim|required|min_length[4]|max_length[32]');
    $this->form_validation->set_rules('password2', 'Password Confirmation', 'trim|required|matches[password]');

    if($this->form_validation->run() == FALSE){
        $this->signup();
    }
    else{
        //create a new row in db 
        $this->load->model('membership_model');
        if($query = $this->membership_model->create_member()){
            //Info entered
            $data['main_content'] = 'signup_successful';
            $this->load->view('includes/template', $data);
        }
        else{
            $this->load->view('signup_form');
        }
    }



}

}

This is the code that should be executed if a session does not exist. It is found in the site.php file.

if(!isset($is_logged_in) || $is_logged_in != true){
        echo 'You need to login to access this page. <a href="../login">Login</a>';
        die();

Any help is much appreciated!

Looks like your constructor isn't being called.

Perhaps it is because it needs two underscores, not 1 :)

function __construct(){
    parent::__construct();
    $this->is_logged_in();
}