Can I protect directory without htaccess?

I have a site hosted on a shared server. I have some files that I want to let anyone download (public), and some files I only want authenticated users to be able to download (private).

If I protect the private directory with htaccess, users that have already logged in will have to enter credentials a second time when attempting to download files from the private directory - when htaccess pops up the browser dialog. Is there a way to allow authenticated users access to the private directory based on the $_SESSION that I've created for them when they authenticate?

If I could protect files and/or directories based on $_SESSION variables, that would be great - but I don't know if this is possible. Can someone point me in the right direction on this? How do I let authenticated users download freely while preventing unauthenticated users from accessing the private files?

Thanks in advance.

 

 

 

 

Top