While I am fully capable of building a login/authentication system in PHP and MySQL I have never actually stepped back and thought about the way I handle authentication on a per page basis. Generally I will just have a required file that checks for a specific value in a session variable and if authenticated allow the page to continue or if the authentication fails then produce an error.

I am running this on a Virtual Server so sessions themselves should be pretty secure however I am not convinced that this is a particularly efficient system, certainly not as good as it could be, I'm sure.

I don't think posting any code is needed for a discussion on this subject as I am more interested in the theory behind the logic involved.

So, what I am interested in discussing is how do you manage authentication on a per page basis?

Include a file which uses existing cookies/sessions to check authentication?

Utilise a function that checks the database using a session id or something like the users IP or similar?

Thank you in advance for the time you may take in producing a reply.