Personally, I like to use flow control for the entire section that I want protected.
For example;
PHP Code:
<?php
session_start();
if (isset ($_SESSION['logged'])) {
// do logged in stuff
} else {
// not logged in
header('location: login/main_login.html');
}
?>
Since the header() function just sends headers to the browser, there is probably a way to block or manipulate that data (though, I'm just guessing here) so if that were the case, your script offers no protection. My script displays the logged in stuff ONLY if they are logged in.
Remember that when you are making scripts such as these, always code as if every user is a malicious user and will attempt to use the script in ways you didn't intend.