<b>My First Post</b> After allowing login to my site, based on a query, and commencement of a session, I then successfully implement use of a session variable to determine if a user should have access to pages in the site. However, it is possible to bookmark the pages accessed during the session, and later return to them WITHOUT logging in! [shock,horror! ]Did I blink at the wrong time, somewhere? Attempts to find solution:1. I read a tutorial on .htaccess and concluded that I did not want to use a separate username-password file to complement that form of direct, password-based access-control. I want to continue to use a query to a MySQL users table to determine a valid username/password pair.2. I read all the documentation offered with my Hosting Service's CPanel. The option supplying the PHP settings did not reveal anything promising. Also, phpsec.org/articles/ did not help .3. I looked at Cpanel Pear-Extensions 0ption , saw the complex documentation offered , and reversed out, asking "Is there anything else?!!" . 4. CPanel's "Password-Protect-Directories" Option seemed to offer a solution. I created a new user and set passwords on the "includes" and "code" folders, using the CPanel interface, in accordance with the following confident advice:"Password protection allows you to require a username and password to access a folder within your site from the web. When password protecting a folder, there are a few things to remember. Protecting a folder will protect all folders within that folder. Also, you will need to create users who can access the protected directory. You can give the password protected directory any name, no matter what the actual directory is called."This stopped access via bookmarks! Progress! Unfortunately, it also prevents a user from accessing the login element, because it makes a call to files in password protected folders!, like " /code " . 5. None of the many tutorials on the web on access control have helped. My college text: "PHP and MySql for Dynamic Websites", by Larry Ullman, says nothing. I must have missed the lecture the day they explained access control.I searched your W3Schools PHP Tutorial. Nothing. What I seem to need is a PHP script to submit a global username/password combination to the protected folders, once a specific user is logged in, but I don't know what PHP function to use, or even if one exists. How do you read the php.ini file on your provider's server? The Cpanel does not offer much. I have sent them an email but I am impatient over a weekend. They show a configuration list but it does not even include the GD functionality for images. Is that normal? Is this note below (from http://www.php.net/manual/en/security.general.php) relevant?"If you want to use .htaccess file, it should be:<Files "*~">Deny from all</Files>But then don't forget to set AllowOverride All (for the directory in question), e.g.<Directory /var/www/localhost/htdocs> AllowOverride All</Directory>since with the (default?) AllowOverride None the .htaccess files are ignored. "I incl screen shots but did not parse.