Unless you've changed the settings, PHP session data is stored in a variation on its own serialize() format in a temporary directory, and it's not easy to get at that without using PHP itself.
unfortuantly, you appear to want the speed of static served files while dynamically authorising each request, which are not really compatible goals. You might comprimise by having a super-light PHP script which you then use mod_rewrite to rewrite requests to files within it to, which passes though things that are fine. Super simple example:
.htaccess:
RewriteEngine On
RewriteMap auth prg:auth.php
RewriteRule (.*) ${auth:$1}
auth.php:
#!/usr/bin/php
<?PHP
set_time_limit(0); # This program needs to run forever.
$stdin = fopen("php://stdin","r"); # Keeps reading from standard in
while (true) {
$line = trim(fgets($stdin));
if (isset($_SESSION['USER_LOGGED_IN'])) {
echo $line\n";
} else {
echo "authfailed.html\n";
}
}
notably, that PHP script is running forever, so you'll need to restart apache if you change it, I think.
This is all untested, but that's roughly the direction I think you'd have to go in.
References: