Could anyone comment on whether the following technique is safe/reasonable for security?
I require users to login. At the login, they enter their username and pass. A query is run against a MySQL users table. If there is a match to that username and pass, I set a SESSION variable to a particular word. Then on the rest of my code, that is, on the code for the rest of my pages, I check to see whether that SESSION variable is set and equal to that predetermined word. If it is, code executes. If it isn't, code doesn't execute, and sends user back to login page.
It seems to work just fine, but was wondering whether this is really a safe way to do it.
Thanks in advance.