I have a section of a website that is password protected for members only and I use PHP sessions to keep the connection alive between pages. While logged in they have access to a series of internal links to a subdirectory of html files that pop into a new window… however this directory it is not protected. … unless you know the exact URL, you pretty much cant find it… but I am concerned that people are copying the link and sending it to other people who are not subscribers.
Is it possible to setup some sort of .htaccess on a certain directory, in which the user would be prompted for a username and password unless they were already logged in? [B]Meaning is it possible to pass a PHP session username and password to a .htaccess-protected directory? If they are logged in already they see the page/directory, if they are not logged in they get the .htaccess prompt.
Is there a way to do this or can someone recommend a better method of handling this?