here is a quick and dirty way:
create an .htaccess file (assuming apache).
insert this:
Text Formatted Code
SetEnvIf Cookie ".*gl_session.*" GL_LOGGEDIN_USER
Deny from all
Allow from env=GL_LOGGEDIN_USER
not totally secure, but a start.
if you change $_CONF['cookie_session'] from the default "gl_session" at any time then use the corresponding value in the .htaccess file.
snagged that tidbit off portalparts--keeping peeps out of the download dirs when using the filemngment plugin.