flashdata not being stored between redirects when using Tank Auth

I was having the same issue and figured out the problem. If you're storing sessions in the database, it will not work.

Tank Auth runs this code from the main library ( $this->tank_auth->logout() ):

$this->delete_autologin();// See http://codeigniter.com/forums/viewreply/662369/ as the reason for the next line$this->ci->session->set_userdata(array('user_id' => '', 'username' => '', 'status' => ''));$this->ci->session->sess_destroy();

Then it runs this code from the auth controller ( $this->_show_message() ):

$this->session->set_flashdata('message', $message);redirect('/auth/');

The problem is that since sess_destroy() was run prior to setting the flashdata, there is no database row to add the flashdata to, so the flashdata never gets set.

At this point there are a few solutions:

Option 1:

Add $this->ci->session->sess_create(); immediately after $this->ci->session->sess_destroy(); in function logout() in application/libraries/Tank_auth.php

This works because you are creating a new blank session where flashdata can be stored. A potential con for this is that you are performing more operations on the database (delete+insert).

Option 2:

Comment out/delete $this->ci->session->sess_destroy(); in function logout() in application/libraries/Tank_auth.php

This works because the session is not destroyed, allowing CI to perform only an update query to add flashdata. This is probably better than option 1 unless you absolutely need to destroy the session.

Option 3:

Set $config['sess_use_database'] to FALSE.

This works because a session is automatically created when it is requested again, as opposed to how it works when you store sessions in the database. Potentially less secure.

In the end, it is up to you to decide which option is best for your application.

if tank_auth does any internal redirects then you may lose the flash data on that redirect request.

Exactly.CodeIgniter documentation specifies here:http://codeigniter.com/user_guide/libraries/sessions.html

=============================Destroying a SessionTo clear the current session:$this->session->sess_destroy();Note: This function should be the last one called,    and **even flash variables will no longer be available**.    If you only want some items destroyed and not all, use unset_userdata().=============================

I've digged into the system/libraries/Session.php file and saving flashdata triggers the sess_write() method which only UPDATES the database as you said.