securing non-php files

I have a site where users are authenticated from a mysql db which then creates a php session variable. At the top of each php file on the site it checks that the session is valid.

How can I adapt this to protect all image and other non-php files on the site? .htaccess comes to mind but I don't think it can check for php session variables...

Is submitting authentication headers the best way of doing this? The site is running on https.

All help appreciated.

ijg0

 

 

 

 

Top