I have created a secure login system using sessions & PHP. The user has to enter a username & password to view certain pages and if the particular session has not been set they are redirected away.
I have been told that it is wise to put any includes / sensitive files etc. outside of the document root.
How can I put all of the admin section files outside of the document root but still have them accessible to a 'logged in' user?