php - Public file just for current session -


i have folder multiple pdf files name of each session number created want user (unauthenticated) can download pdf file corresponding session, without access other files (because folder files public). how can fix this? note: users not authenticated

first, when "corresponding session", mean "to session"?

the first thing prevent directory listing, directory pdfs sitting obviously. can done .htaccess file containing single line:

deny all

next, , assumption talking their session, can write simple html link download pdf, such as

download pdf <a href="/public/path/to/download.php">here</a>. 

where download.php server-side proxy service script, such as

<?php define('pdf_repository', '/path/to/dir');  if (session_id() && file_exists(pdf_repository . '/' . session_id() . ".pdf")) {     readfile(pdf_repository . '/' . session_id() . ".pdf"); }  ?> 

here exploit fact server has right read resource despite client cannot, because of deny all restriction set above.

obviously proxy service cutdown example secured lot more that.


Comments

Popular posts from this blog

matlab - "Contour not rendered for non-finite ZData" -

delphi - Indy UDP Read Contents of Adata -

javascript - Any ideas when Firefox is likely to implement lengthAdjust and textLength? -