On my very basic website, I am using a Session.php file, which verifies if a certain value of $ SESSION has been set (this value is set after the successful login) and if the inactivity timer expired. If the check fails, the user is redirected to the Logout.php page and from there to Login.php.
I have 2 directory routes that the user can download depending on the login. One for administrators and another for users.
The problem is that, although the verification of the session prevents users who have not logged in from simply changing the URL to enter, they do not recognize if a connected user is in a subdirectory where they can not access.
Question 1. How do I solve this problem? My idea is that I need to find a way for Session.php to know where it is used to be able to compare this with a session value that I give to the user after logging in according to their permissions.
Question 2. I know that this system is probably not the Rolls Royce according to the methods of the session, but is there another method that offers more benefits and at the same time is easy enough for a beginner to implement?
Thank you very much in advance