I'm relatively new to PHP, and I just wanted to pick the brains of you more experienced PHP developers out there. Imagine this scenario:
1) When a person logs in successfully, a variable with a value is set in the session, like maybe $_SESSION['key'] = '8asdf3134jdfk;"; only upon a successful login will this occur, nowhere else.
2) From this point on, at the very beginning of EVERY page will be PHP code that checks for the presence of a session AND the presence of this 'key' variable and its value.
So I'm thinking, even if a hacker managed to fabricate a session, he won't have this 'key', and hence, any PHP in my application simply won't run.
Is this a valid security strategy? If not, please explain. Thanks.