I have a database that has login information (such as username and password) that is used to allow the user to get to some pages and documents that are otherwise restricted. How do I make sure that these documents are not accessed in any way other than the login screen? I know this has to do with managing user sessions. Please point me to any related literature.

Originally posted as a Categorized Question.