Security related to controller URL
#4

Hi Php_rocks

My controller code is:

function getQualDetailsHTML() {
    // The person id is taken from the session, not from the request
    $personId    = $this->session->userdata('ADMIN_SESSION_PERSONID_VAR');
    $qualDetails = $this->qualificationModel->getQualData($personId);

    // Table header
    $output = '<table class="table table-striped">
        <thead>
        <tr>
        <th scope="col">#</th>
        <th scope="col">Graduation Year</th>
        <th scope="col">Institution Name</th>
        <th scope="col">Course Name</th>
        <th scope="col">Operation</th>
        </tr>
        </thead>
        <tbody>';

    // One row per qualification; html_escape() keeps stored values from injecting markup
    for ($getDet = 0; $getDet < count($qualDetails); $getDet++) {
        $counter = $getDet + 1;
        $output .= '<tr><td scope="row">';
        $output .= $counter . '</td><td>' . html_escape($qualDetails[$getDet]->PASS_YEAR);
        $output .= '</td><td>' . html_escape($qualDetails[$getDet]->UNIVERTSITY_NAME);
        $output .= '</td><td>' . html_escape($qualDetails[$getDet]->COURSE_NAME);
        // The id is cast to int before it is placed inside the inline onclick handler
        $output .= '</td><td><a href="#" class="fa fa-pencil"></a><a href="#" class="fa fa-times" onclick="deleteQual(' . (int) $qualDetails[$getDet]->QUALIFICATION_ID . ')"></a></td></tr>';
    }

    $output .= '</tbody></table>';
    $output .= '<div class="col-md-12 text-center"><button type="submit" id="addQualButton" class="btn btn-danger mb-10">Add Qualification</button></div>';

    //echo $output1.$output.$output2.$output3;
    echo $output;
}


In the view I have code like:

<script>
// Fetch the qualification table from the controller and inject it into the page
function getQualDets() {
    $.ajax({
        url: "<?php echo base_url().'qualification';?>",
        dataType: "html",
        success: function(data) {
            console.log(data);
            $('#qualification-list').html(data);
        }
    });
}
</script>

In the routes config file I have:

$route['qualification'] ='qualification/getQualDetailsHTML';


For security reasons I am currently thinking of checking the session variable, i.e. if the session is set it will output the HTML, else no HTML. But there is a problem: if the session is set and the user copy-pastes the URL into a different window, then the output from the controller will be shown.

Thanks
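
The session check discussed in this post, as an added example that is not part of the original post or of CodeIgniter itself. It assumes CodeIgniter 3, a controller class named Qualification (inferred from the route) and a model loadable as qualificationModel; the is_ajax_request() test only inspects the X-Requested-With header, which any client can set, so the session check is the actual access control.

```php
<?php
defined('BASEPATH') OR exit('No direct script access allowed');

// Added example. Class name and model loading are assumptions based on the
// route 'qualification/getQualDetailsHTML' shown in the post.
class Qualification extends CI_Controller
{
    public function __construct()
    {
        parent::__construct();
        $this->load->library('session');
        $this->load->model('qualificationModel');
    }

    public function getQualDetailsHTML()
    {
        // 1. Access control: no session, no data. The person id is read from
        //    the server-side session only, never from a request parameter,
        //    so a logged-in user can only ever fetch their own rows.
        $personId = $this->session->userdata('ADMIN_SESSION_PERSONID_VAR');
        if (empty($personId)) {
            $this->output->set_status_header(401);
            return;
        }

        // 2. Convenience only: hide the fragment from plain address-bar
        //    navigation. jQuery sends X-Requested-With on same-origin calls;
        //    the header is client-controlled, so this is not a security check.
        if (!$this->input->is_ajax_request()) {
            show_404();
        }

        // 3. Build the fragment, escaping every stored value.
        $rows = $this->qualificationModel->getQualData($personId);
        $html = '<table class="table table-striped"><tbody>';
        foreach ($rows as $i => $row) {
            $html .= '<tr><td>' . ($i + 1) . '</td>'
                   . '<td>' . html_escape($row->PASS_YEAR) . '</td>'
                   . '<td>' . html_escape($row->UNIVERTSITY_NAME) . '</td>'
                   . '<td>' . html_escape($row->COURSE_NAME) . '</td></tr>';
        }
        $html .= '</tbody></table>';

        $this->output->set_content_type('text/html')->set_output($html);
    }
}
```

With this in place, a logged-in user who pastes the URL into another window gets a 404, and a client that forges the header still receives only the rows belonging to its own session.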
Messages In This Thread
RE: Security related to controller URL - by ppuhan1389 - 06-22-2018, 04:06 AM