Hey, thank you for your help @odessite !
I want to have the whole page visible only to people who have „logged in“.
Logged in in quotes because I don’t want them to actually log in via the shopware login, since the data about the users is coming from the external service and is using completely different set of fields (there is no email, there is no user names, no addresses,…). What i’m using for login are 3 fields in a custom table and if user submits the „login form“ that info is looked up in the custom table and if match was found user is „logged in“ - I store their ID to the session and the fun can go on. If the „login“ data were wrong, I redirect back to login page with an error variable set.
For ANY request I just want to check in $_SESSION if that variable is present. If so, then it’s all good. If the variable is not present in session, then I want a redirect to the „login“ page.
So its like a fake, simplified login using a custom login controller. It works well with development mode turned on, but not in production.
If push comes to shove, I might just start digging starting in shopware.php file and finding the first place where I can access the $_SESSION variable and do this check there. But would love to have a better way, since editing shopware files makes the page unupdatable…
Any ideas that could move me to the right direction are welcome. thanks!