Re: How To Limit File Uploader Against Hijackers?

That's what I thought, I just wanted to make sure I'm on the right path :)

Thank you


On 5/31/09, Michael A. Peters <mpeters@xxxxxxx> wrote:
>
> Nitsan Bin-Nun wrote:
>
>> What do you mean by session variables?
>> I should register a new session and pass it along with the file to the PHP
>> wrapper?
>>
>
> Yes - in the page that links to your downloads you can do something like
>
> $_SESSION['download']=TRUE;
>
> then in the wrapper -
>
> if (isset($_SESSION['download'])) {
>   $allowed=$_SESSION['download'];
> } else {
>   $allowed=FALSE;
> }
>
> then check the $allowed variable.
>
> Only way the file will be sent is if they have been to your site that
> creates a session for them and sets the $_SESSION['download'] variable to
> TRUE.
>
> You can check whatever you want from the session variables.
>
> For some of my files, I check the userid in the session variable and make
> sure the user is allowed to download it. If they aren't, they get a 401
> forbidden header and page.
>
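
The wrapper discussed in this thread, written out as an added example that is not code from either poster: it combines the session flag with the per-user check mentioned in the quoted reply. The directory, the `file` query parameter, the `$acl` list and the `userid` session key are assumptions made for illustration.

```php
<?php
// download.php: session-gated download wrapper (added example).
// Assumptions, not from the thread: files sit in DOWNLOAD_DIR outside the
// web root, the linking page also stored $_SESSION['userid'], and $acl
// maps each file name to the user ids allowed to fetch it.
const DOWNLOAD_DIR = '/var/www/private/downloads'; // hypothetical path

$acl = [ // hypothetical access list
    'report.pdf' => [1, 7],
    'manual.zip' => [1, 2, 3],
];

function deny(int $code): void
{
    http_response_code($code);
    exit;
}

session_start();

// Gate 1: the visitor must hold a session created by the linking page.
if (empty($_SESSION['download']) || !isset($_SESSION['userid'])) {
    deny(403);
}

// Gate 2: the requested name must be a key of the access list, so a
// value containing "../" or an absolute path never reaches the disk.
$name = $_GET['file'] ?? '';
if (!is_string($name) || !array_key_exists($name, $acl)) {
    deny(404);
}

// Gate 3: this user must be listed for this file.
if (!in_array((int) $_SESSION['userid'], $acl[$name], true)) {
    deny(403);
}

$path = DOWNLOAD_DIR . '/' . $name;
if (!is_file($path)) {
    deny(404);
}

// Release the session lock before streaming a possibly large file.
session_write_close();
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="' . $name . '"');
header('Content-Length: ' . filesize($path));
readfile($path);
```

The gate only holds if the files cannot be fetched directly, so the download directory has to stay outside the document root or be denied by the web server.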
