benedmunds / CodeIgniter-Ion-Auth

Simple and Lightweight Auth System for CodeIgniter
http://benedmunds.com/ion_auth/
MIT License

Library doesn't check activation status on each request, so it's possible to stay logged in after deactivation of the account #1544

Closed gienq closed 2 years ago

gienq commented 2 years ago

Which branch are you using? 3

What commit hash are you on? latest

What CodeIgniter version are you using? v3

What PHP version are you using? PHP 7.4

Describe the bug If you deactivate an account (even your own, currently logged-in one), the Ion Auth library keeps the session state and the user stays logged in until logout.

To Reproduce Steps to reproduce the behavior:

  1. Deactivate the account.
  2. The user is still logged in.
  3. This state persists until the user logs out.

Expected behavior For security reasons and good order, the library should check the activation status on each request (visiting a new page, reloading).

benedmunds commented 2 years ago

Hey @gienq

You can add this check to your site if you'd like by querying the user on each page load and checking their activation status. We don't do this by default in the logged-in check because of the performance impact, since not all sites need it.
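One way to implement the per-request check benedmunds describes, as an added example for CodeIgniter 3 and not code from Ion Auth itself: a `MY_Controller` base class that, when `logged_in()` is true, re-reads the user row and forces a logout if the `active` flag is no longer set. It assumes Ion Auth's default `users` table with an `active` column (1 = active), the standard `logged_in()`, `user()` and `logout()` library methods, and a login route of `auth/login`; the route name and the optional recheck interval are this example's own choices.

```php
<?php
// application/core/MY_Controller.php
// Added example (not part of Ion Auth): re-check account activation on
// every request so a deactivated account cannot keep using its session.
defined('BASEPATH') OR exit('No direct script access allowed');

class MY_Controller extends CI_Controller
{
    /**
     * Seconds between activation re-checks. 0 = check on every request,
     * which is the strict behaviour the issue asks for. A positive value
     * trades one DB query per request for a window of up to this many
     * seconds in which a deactivated user is still logged in.
     */
    protected $active_recheck_interval = 0;

    public function __construct()
    {
        parent::__construct();
        $this->load->library('ion_auth');
        $this->load->library('session');
        $this->load->helper('url');
        $this->enforce_active_account();
    }

    /**
     * Ion Auth's logged_in() only consults the session, so a user whose
     * account was deactivated after login keeps a valid session until
     * logout. This re-reads the user row and logs them out if the
     * account is no longer active (or no longer exists).
     */
    protected function enforce_active_account()
    {
        if (! $this->ion_auth->logged_in()) {
            return;
        }

        // Optional throttle: skip the query if we checked recently.
        $last = (int) $this->session->userdata('active_checked_at');
        if ($this->active_recheck_interval > 0
            && (time() - $last) < $this->active_recheck_interval) {
            return;
        }

        // The extra query per request benedmunds refers to.
        $user = $this->ion_auth->user()->row();

        // Deleted row or active != 1: end the session now.
        if ($user === NULL || (int) $user->active !== 1) {
            $this->ion_auth->logout();
            // Assumed login route; adjust to your application.
            redirect('auth/login', 'refresh');
        }

        $this->session->set_userdata('active_checked_at', time());
    }
}
```

Every protected controller then extends `MY_Controller` instead of `CI_Controller`. Because `logout()` clears the Ion Auth session, the next request fails `logged_in()` and the check short-circuits, so the redirect cannot loop. Keep `$active_recheck_interval` at 0 if deactivation must take effect on the very next request; only raise it if the per-request query is measurably a problem and a short grace window is acceptable.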