I've created an authentication page (index.php) that logs into an LDAP
server, then points you to a second page that some folks are intended to
use to request apache redirects from the sysadmin group (redirect.php).
Everything works great so far, except if you pop the full URL of
redirect.php into your browser you can hit the page regardless of the login
process on index.php.
How can I limit redirect.php so that it can only be reached once you login
via the index page?