you need to add a session checker to everything...
if([user is not logged in])
Determining what an authenticated session is is more or less unique to every implementation so that check depends on how you define "valid". By default, I'm pretty sure php always starts a session if autostart is set, so simply checking for a started session is no good. You need to look at something that only authenticated users have in their session or you are just slowing an attacker down.
So I created secure.php and also in my apHome.php script, i added the code snippet you told me to...and when i typed the direct link into the address bar to open apHome.php....I am getting the "Internet Explorer cannot display the webpage" message..so this is how it is done? the hiding/protection of the page "apHome.php"?
I typed the incorrect page name in the header....I corrected it, and now it works...I just want to make sure and enter it into my other pages, and verify that they all work...
I'll keep you posted...