<?php
// assumes you have set the session variable logged_in to a boolean value depending on login status
if (!isset($_SESSION['logged_in']) || $_SESSION['logged_in'] == false) {
	$_SESSION['user_agent'] = (isset($_SERVER['HTTP_USER_AGENT'])) ? $_SERVER['HTTP_USER_AGENT'] : '';
} else {
	// if the user agent doesnt validate, destroy the session and force relogin
	if (!isset($_SERVER['HTTP_USER_AGENT']) || $_SESSION['user_agent'] !== $_SERVER['HTTP_USER_AGENT']) {
		// destroy
		session_destroy();
		$_SESSION = array();
		if (!headers_sent()) {
			// set a flash and redirect to the login page
			header('Status: 200');
			header('Location: ' . urlencode('/login'));
			exit;
		} else {
			// throw an error message 
			exit;
		}
	}
}