I'm planning out an admin section for a web site I'm working on, and security is something I have a question about. Typically, I'd set a
String to session when a user logs in and check for that variable on every "admin page". This works ok, but the session doesn't always die out until they close the browser window (even after I invalidate their session in a logout script).
Can anybody recommend a better way to handle security of a section of my site?