Hi, I have created a small website members area - this is protected using php session variables so to access it a variable user_id must exist in the session. However I have a directory on my webserver that holds documents that I want to make accessible only to users who have logged in however because this directory contains word documents nothing stops someone from finding the url i.e. http://www.mydomain.com/private/some_privat_file.doc and downloading this file! I need a way to make this file only accessible to users who have a user_id in there session - is this possible? Or is my only alternative to password protect this directory using the webserver and force users to re-authenticate in order to download there files?
Cheers
