1

Flow:

  • User fills a form with an email and gets a passcode.

  • I generate and store this passcode (checksum_code) in the session using session()->set(...).

  • Then I redirect() the user to a verification page.

  • On that page, I match the submitted OTP with the value from the session.

Issue : Even though I can see the session is set correctly in the GET request after redirect, when I submit the POST request to verify, the comparison fails and I always get an "Invalid passcode" error - even when the entered code is correct. Plus outside the if condition i do get the sessions but when the if condition passes the session displays null when i tried to print using dd().

Route

$routes->match(['get', 'post'], '/account/verify-registration', [UserAuthenticationController::class, 'verifyRegistration'], ['as' => 'verify-registration.user']);

Form

 <form action="<?= route_to('verify-registration.user') ?>" method="POST" novalidate> <?= csrf_field() ?> // code... </form>

Function for redirecting towards verification -

private function handleUnregisteredEmail($email) { $post = $this->request->getPost(); if ($this->checksum->check('front-login-email', $post['checksum_code'])) { $user_otp = strtolower($this->checksum->randomText(6)); $this->userModel->insert([ 'user_email_id' => $email, 'user_verify_code' => $user_otp ]); session()->set([ 'verify_user_id' => $this->userModel->insertID(), 'verify_user_email_id' => $email, 'checksum_code' => $post['checksum_code'] ]); $this->checksum->mark('front-login-email', $post['checksum_code']); session()->close(); return redirect()->to(route_to('verify-registration.user')); } $this->validator->setError('failed', 'Something went wrong, Please try again.'); return redirect()->back()->withInput()->with('validation', $this->validator); }

Function for verification -

public function verifyRegistration() { if ($this->request->getMethod() === 'POST') { dd(session()->get()); // print // code... } else if($this->request->getMethod() === 'GET') {..} }

What I've Checked:

  • I confirmed that ci_session is present in cookies with status 303.
  • Session files are also being created in writable > session.
  • Outside "if" condition stored sessions are visible when i tried to get them using session()->get(), but inside if condition, when i used dd() it prints this -
session()->get() array (1) __ci_last_regenerate => integer 1753439916 2025-07-25T10:38:36+00:00 ↧Called from .../app/Controllers/User/AuthenticationController.php:33 [dd()] .../CodeIgniter.php:933 [App\Controllers\User\AuthenticationController->verifyRegistration()] .../CodeIgniter.php:507 [CodeIgniter\CodeIgniter->runController()] .../CodeIgniter.php:354 [CodeIgniter\CodeIgniter->handleRequest()] .../Boot.php:334 [CodeIgniter\CodeIgniter->run()] .../Boot.php:67 [CodeIgniter\Boot::runCodeIgniter()] <ROOT>/index.php:59 [CodeIgniter\Boot::bootWeb()] .../rewrite.php:44

I don't know what to do, i didn't even destroyed any session anywhere....

Improve this question

1 Answer 1

Reset to default
0

Since you said if outside the 'if' condition the session print out normally, maybe can try debug from plain if condition like this :
if(true) {
dd(session()->get());
}

if this return the session data means something wrong in the if condition, maybe is the $this->request->getMethod() returning some weird result and cause it.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Yes, but I don't understand why the session isn't accessible inside the if condition, even though it's available outside when I use dd(), even during a POST form submission. The $this->request->getMethod() is only being used there to check the request method 😓.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.