I hope this is not a dumb question, but I am reasonably new to php so be gentle if it is.

I am writing some software to maintain a users online session over https. They have logged in via my own mechanism, and are therefore allowed access to the https section of my server.
I am using the session_start() function to generate a unique session id and set it in the session cookie on the users' machine.

Everything works fine, but I want to be able to detect and respond to the user performing item 'C' in the following sequences.

situation 1 --------------------------------------------------------

A) user logs in fine.
B) user is in the secure part of the server.
C) user types in another url in the address bar and goes to some site outside of the secure server then presses the back button on their browser to come back.

- the user should still be able to use the back button of their browser within the secure session though.

-or-

situation 2 --------------------------------------------------------

A) user logs in fine.
B) user is in the secure part of the server.
C) user attempts to open a second browser window during the same session. They should only be allowed one browser window at a time in the secure area.

-----------------------------------------------------------------------


I can't think of a way to do those things with the information available to me, but I know it is possible since I log into systems that do have these properties/behaviours.

Maybe I have to configure apache or SSL to take care of these things? Any ideas or advice would be helpful.

Thanks.

Todd