PHP/MySQL + protect directory

Hi there

I’m currently working on a closed site. The idea is to allow people to sign up and log in to the site, storing the members in a MySQL database. That part is working just fine.

However, as I’m using $_SESSION to allow or deny users access to the site, directories aren’t protected, so if I upload, say, a .pdf file, anyone with the URL could download it.

The question is: Should I use .htaccess to protect my directories? And if yes, how do I use my $_SESSION in the .htaccess code (if that is even possible)?

Thanks a lot
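
An added example, not part of the original post: Apache's .htaccess rules cannot read PHP session data, so a common pattern is to keep the files where the web server will not serve them directly and hand them out through a PHP script that checks `$_SESSION` first. The script name `download.php`, the session key `user_id`, the `file` query parameter and the storage path are assumptions made for this sketch.

```php
<?php
// download.php: hypothetical gatekeeper script (name is an assumption).
// Assumptions: the login code sets $_SESSION['user_id'], and the files live in
// STORAGE_DIR, a directory outside the document root (not reachable by URL).
declare(strict_types=1);

const STORAGE_DIR = '/var/www/private_files'; // assumed path

// Map a requested file name to a real file inside $baseDir, or return null.
function resolve_download(string $baseDir, string $requested): ?string
{
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // basename() drops directory components such as "../" from the request.
    $path = realpath($base . DIRECTORY_SEPARATOR . basename($requested));
    if ($path === false || !is_file($path)) {
        return null;
    }
    // Defence in depth: after symlinks are resolved, stay under the base dir.
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

session_start();
if (empty($_SESSION['user_id'])) {
    http_response_code(403);
    exit('Login required.');
}

$requested = is_string($_GET['file'] ?? null) ? $_GET['file'] : '';
$path = resolve_download(STORAGE_DIR, $requested);
if ($path === null) {
    http_response_code(404);
    exit('File not found.');
}

header('Content-Type: application/octet-stream');
header("Content-Disposition: attachment; filename*=UTF-8''" . rawurlencode(basename($path)));
header('Content-Length: ' . (string) filesize($path));
header('X-Content-Type-Options: nosniff');
readfile($path);
```

If the files have to stay inside the document root, a .htaccess file in that directory containing `Require all denied` (Apache 2.4) blocks direct URL access while the script above can still read them from disk.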