1

Flow:

  • User fills a form with an email and gets a passcode.

  • I generate and store this passcode (checksum_code) in the session using session()->set(...).

  • Then I redirect() the user to a verification page.

  • On that page, I match the submitted OTP with the value from the session.

Issue : Even though I can see the session is set correctly in the GET request after redirect, when I submit the POST request to verify, the comparison fails and I always get an "Invalid passcode" error - even when the entered code is correct. Plus outside the if condition i do get the sessions but when the if condition passes the session displays null when i tried to print using dd().

Route

$routes->match(['get', 'post'], '/account/verify-registration', [UserAuthenticationController::class, 'verifyRegistration'], ['as' => 'verify-registration.user']);

Form

   <form action="<?= route_to('verify-registration.user') ?>" method="POST" novalidate>
              <?= csrf_field() ?>
    // code...
    </form>

Function for redirecting towards verification -

private function handleUnregisteredEmail($email)
{
    $post = $this->request->getPost();

    if ($this->checksum->check('front-login-email', $post['checksum_code'])) {
        $user_otp = strtolower($this->checksum->randomText(6));

        $this->userModel->insert([
            'user_email_id' => $email,
            'user_verify_code' => $user_otp
        ]);

        session()->set([
            'verify_user_id' => $this->userModel->insertID(),
            'verify_user_email_id' => $email,
            'checksum_code' => $post['checksum_code']
        ]);

        $this->checksum->mark('front-login-email', $post['checksum_code']);
        session()->close();

        return redirect()->to(route_to('verify-registration.user'));
    }

    $this->validator->setError('failed', 'Something went wrong, Please try again.');
    return redirect()->back()->withInput()->with('validation', $this->validator);
}

Function for verification -

public function verifyRegistration()
{
    if ($this->request->getMethod() === 'POST') {
        dd(session()->get()); // print
        // code...
    }
    else if($this->request->getMethod() === 'GET') {..}
    }

What I've Checked:

  • I confirmed that ci_session is present in cookies with status 303.
  • Session files are also being created in writable > session.
  • Outside "if" condition stored sessions are visible when i tried to get them using session()->get(), but inside if condition, when i used dd() it prints this -
session()->get() array (1)
__ci_last_regenerate => integer 1753439916
2025-07-25T10:38:36+00:00

↧Called from .../app/Controllers/User/AuthenticationController.php:33 [dd()]
.../CodeIgniter.php:933 [App\Controllers\User\AuthenticationController->verifyRegistration()]
.../CodeIgniter.php:507 [CodeIgniter\CodeIgniter->runController()]
.../CodeIgniter.php:354 [CodeIgniter\CodeIgniter->handleRequest()]
.../Boot.php:334 [CodeIgniter\CodeIgniter->run()]
.../Boot.php:67 [CodeIgniter\Boot::runCodeIgniter()]
<ROOT>/index.php:59 [CodeIgniter\Boot::bootWeb()]
.../rewrite.php:44

I don't know what to do, i didn't even destroyed any session anywhere....

Improve this question

1 Answer 1

Reset to default
0

Since you said if outside the 'if' condition the session print out normally, maybe can try debug from plain if condition like this :
if(true) {
dd(session()->get());
}

if this return the session data means something wrong in the if condition, maybe is the $this->request->getMethod() returning some weird result and cause it.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Yes, but I don't understand why the session isn't accessible inside the if condition, even though it's available outside when I use dd(), even during a POST form submission. The $this->request->getMethod() is only being used there to check the request method 😓.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.