First of all, I must say thx to Alexandr for the amazing book, today I finished reading it…
learned a lot from it
to the question
I not sure if cookie is the way to go… how can I make sure no one fake it?
One possible solution
'catchAllRequest' => ( (getenv('Maintenance') && session_start() && !isset($_SESSION['adminSession'])) ? array('maintenance/index') : null ),
Anonymous function would do my life easier but it not working… don’t know why…