I have a .htaccess restriction file used for preventing hotlinking. But I have been wondering how can I limit the file download to the users only when they are logon to the site.
HTTP authentication or sending requests to files to a server side script that acts as the controller (through .htaccess and mod_rewrite) and sending a forbidden status if the user is not logged in.