[eluser]jedd[/eluser]
I put my checks in each controller's constructor, viz:
Code:
$this->_ensure_authenticated_user( "Forum" );
_ensure_authenticated_user() is a function in MY_Controller, of course. If you need to be logged in (authenticated) then it never comes back, and instead redirects to the login page.
On controllers where
some methods are public and some are not - and at the moment only people/login & people/logout are such exceptions - I have the above code wrapped in a conditional that tests the subsequent url segment. Obviously for publicly visible controllers, I simply do not include that code at all.