php - Public file just for current session -
i have folder multiple pdf files name of each session number created want user (unauthenticated) can download pdf file corresponding session, without access other files (because folder files public). how can fix this? note: users not authenticated
first, when "corresponding session", mean "to session"?
the first thing prevent directory listing, directory pdfs sitting obviously. can done .htaccess file containing single line:
deny all
next, , assumption talking their session, can write simple html link download pdf, such as
download pdf <a href="/public/path/to/download.php">here</a>.
where download.php server-side proxy service script, such as
<?php define('pdf_repository', '/path/to/dir'); if (session_id() && file_exists(pdf_repository . '/' . session_id() . ".pdf")) { readfile(pdf_repository . '/' . session_id() . ".pdf"); } ?>
here exploit fact server has right read resource despite client cannot, because of deny all restriction set above.
obviously proxy service cutdown example secured lot more that.
Comments
Post a Comment