I dont want users to access other users profiles. So this is what I'm doing. Is it fine?
<?php
session_start();
if($_SESSION['username']=='ryan'){
header("location:dash.php");
}
else{
location("location:404.php");
}
?>
is this secure?
This is secure if the user can not modify the value of $_SESSION['username'] to set it to ryan; but you forgot the exit after the header('Location:...').
This is an acceptable solution but only on a very small scale. You should avoid hard coding conditionals based on usernames. If the site has anything over 10 users this will become very cumbersome. And you need to make sure the username can't be easily changed be the user.