First of all, I would like to say that I have used the search box looking for a similar question unsuccessfully, maybe because of my poor english skills.

The way I currently do this is checking in every single page that a session has been opened. If not, the user gets redirected to a 404 page, to seem like the file which has been requested doesn't exist.

I really don't know if this is sure or there's a better and more safety way and I'm currently working with kind of confidential data that should never become public.

Could you give me some tips? Or leave a link where I could find some?

Thank you very much, and again excuse me for kicking the dictionary.