I'd like to only allow users to be able to click a link once, like this one:
http://www.blah.com/download.php?file=zFZpj4b2AkEFz%2B3O
Each user has an e-mail sent with a unique link and when they click on it I'd like to set a cookie on the SERVER so I know to reject that link's access again.
Any ideas welcome.
Thank you.
Blocking duplicate download could cause issues (especially with internet explorers file blocker that causes a page refresh).
Cookies are the wrong answer because all the user has to do is use a different browser/machine or clear their cookies to redownload.
If you are desperate to do this how about
On the file system create a symbolic link to the real file and name the link the same as the key.
On processing the page request:
On download.php check if the a cookie like AlreadyAccessed exists and if it exists deny the download otherwise start the download of file and set cookie. That's it
Cookies are stored client-side, not server-side, so that's not the right option. If a user deletes your site's cookies, he'd be able to circumvent any check that is based on cookie existence/value.
You could create a file on the server with a specific name when you send the link, and remove it once it's been accessed. If someone tries to access the link a second time, the "flag" file will not exist and you'll know it's a repeat (or invalid) link.
(Would be better with a database though, file-based checks are hard to do in a non-racy manner.)