仅向上载它们的用户显示媒体文件

I need to display on my website media files. For pictures no problem, but for .mht I use iframe and for docx,xlsx,pdf I use google viewer. The display occurs in a session protected page. The files are in a folder protected with htaccess:

order deny,allow
deny from all
allow from 127.0.0.1

By doing this way the iframe and the google viewer fails to access the files as they aren't authorized.

One solution I was thinking would be to detect user ip and add following rules to the htaccess:

allow from google.com
allow from 'user_ip'

But anyone with a google compute engine account could sneak in.

I could use rewrite engine:

 RewriteEngine On
 RewriteRule ^myfiles/([^/]*)^.pdf$ /index.php?file=$1& [L]
 Options All -Indexes

And check the user session in index.php, but my iframe and the google viewer are added dynamically through Ajax calls...

I could also make a temporary copy of the file to a publicly accessible folder. But anyone could just snif this folder and after a while get the whole collection of the files viewed through this.

Any idea on how to restrict access to these files to the users with a valid session only launching an iframe or a google viewer ?