Suppose a person bought a course, a download link appeared, he clicked download ... 1. If you do that, you can click on the link only once, and if the person did not download the file (the Internet was gone or something else). 2. If you make a temporary link (say for 1 hour), then he can upload it and be able to download everything ... In general, how is this implemented correctly?

  • Well, no one forbids giving a link for an hour but taking into account ip or sending a link to the mail and linking it for an hour but to email .... that is, additionally binding something that can identify a specific user - Alexey Shimansky
  • o as an option, see the headers from which mail the user came in and save, and then check the data .... I understood .. - bsbak
  • Even not so .. it is necessary on the contrary .... you save a hash in the database and to which email user it belongs ...... only registered users can download .... and if the link was opened by a guest (not registered) or user, but not with that identifier - it is a cookie to him ......... at least exposing what only registered ones can download - you already cut off a part .... - Alexey Shimansky

2 answers 2

To download

  1. the person must be logged in to the site;
  2. he is affixed cookies;
  3. link lives for a limited time.

When requesting a link, the validity of the link and the presence of cookies is checked.

That does not negate the likelihood that the downloaded file is immediately uploaded to the torrent tracker. Therefore, for protection, you can put a unique client number on the video with a watermark to know who will then write angry emails that he will ignore :)

Ps in one project, I made a distribution of video by RTMP stream through Amazon CloudFront - temporary viewing links were also created, there was no cookie , the video was streamed, and it is relatively difficult to save compared to file uploads.

    Make user authorization, write down in a certain table of purchases and store in this table the field which book you bought and user ID. When the user returns to the shopping page (user), he will be able to see what he bought and re-download.