99% of site is blocked

[eluser]Sector[/eluser]
I'm working on a site that requires you to be authenticated to do anything at all,
so the first page is the login page.

Okay, then you log in, and I set a variable in sessions (this was safe because server-side in usual PHP, I'm not sure about CI) that says the user is logged in.

Then, how would I handle redirecting to the login page if the user falsely tries to acces something he cannot?

I would probably like to do it in the constructor of the controller. Is this possible/good?

And lastly, since basically all controllers but one will be blocked to unauthorized users, can it be done differently? (without checking in each constructor)

Thank you very much for any responses!

[eluser]ztinger[/eluser]
I suggest you to take a look at some libraries shared by other users, like Freak Auth library, Simple Auth, User base, etc.

You can look for them in this forum and the wiki.

[eluser]Jim OHalloran[/eluser]
I have a similar problem with an Intranet app I developed recently, where the user needed to be logged in to see any part of the site (except 2 pages). Rather than checking for logins in every constructor, I used the Filters System from the wiki. I set up a filter and had it check for a session variable and redirect to the login page if that variable didn't exist. The filters system lets you exclude certain URLs from the filter, so I then excluded the login page itself, and the two other pages. It worked very well for me.