Using PHP/MySQL I have a login form. When a user successfuly logs in a session is established and they are redirected to a downloads page. This downloads page checks to ensure the session is established. If it is, then the user can view the possible downloads. One of the downloads is a .exe file. Well, how can I ensure that the .exe link is authenticated as well? For example, what is the user types in the address bar www.website.com/downloads/program.exe
without logging in. Well, in theory they have bypassed the authentication process and are able to get to the .exe.
Thanks in advance.