I have the following measures to secure the admin part:
- Inside the session I have the following parts:
  - is_logged_in -> this can be 0 or 1
  - admin -> checks if the user is an admin or not (values are 0 or 1)

And before any function inside the admin controller, or a controller that has something to do with administration of the web site, I call a function to check whether the user is logged in and whether he is an administrator. Is this enough? If it is not, what can I do to make the admin part more secure?
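The check described in the question, enforced in one place for every admin controller method so that no action can be added without it. This is an added example, not part of the original post. It is written in Python because the post names no framework; `AdminController`, `admin_only`, `is_admin_session`, `try_call` and the dict-like session are assumptions.

```python
import functools


class Forbidden(Exception):
    """Raised when the session does not carry both flags from the post."""


def is_admin_session(session):
    # Fail closed: a missing key, 0, or a non-integer value such as the
    # string "0" is rejected; only the value 1 on both flags is accepted.
    return session.get("is_logged_in") == 1 and session.get("admin") == 1


def admin_only(cls):
    """Class decorator: wrap every public method with the session check."""
    for name, attr in list(vars(cls).items()):
        if callable(attr) and not name.startswith("_"):
            setattr(cls, name, _guard(attr))
    return cls


def _guard(method):
    @functools.wraps(method)
    def wrapper(self, *args, **kwargs):
        if not is_admin_session(self.session):
            raise Forbidden(method.__name__)
        return method(self, *args, **kwargs)
    return wrapper


@admin_only
class AdminController:  # hypothetical controller, for illustration only
    def __init__(self, session):
        self.session = session  # assumed: server-side, dict-like session store

    def delete_user(self, user_id):
        return f"deleted {user_id}"

    def list_users(self):
        return ["alice", "bob"]  # constructed sample data


def try_call(session, action, *args):
    """Return the action's result, or "403" when the guard rejects the session."""
    try:
        return getattr(AdminController(session), action)(*args)
    except Forbidden:
        return "403"
```

A method added to `AdminController` later is guarded automatically, which removes the risk of forgetting the manual call in one function.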