I want to make a website lets say http://www.mysite.com but before they view it, they have to login with username and password (those are stored in a DB). It doesnt matter if they access http://www.mysite.com/hello http://www.mysite.com/hello.html or http://www.mysite.com/hello/something/j.php ect the first time they access, they have to login, else they cannot view any content at all.
Once they are logged in, Im thinking of 2 alternatives (depends on which is more easy to implement and when has better security)
1: Once they log in, in a DB the date/time they login is stored. If in say 5 minutes, they dont do anything on the site, they have to input again their username and pass. If they do, the NEW date/time is stored and sofore.
2: A simple cookie that expires in a hour (or whatever time)