I am currently developing a web application which allows users to upload files to AWS S3. When coming to download the file I follow this process:
Step 1: Send an ajax call to my server in order to get a pre-signed url *The presigned url is created by:
// 1. Creating an instance of an s3 client
$client = StsClient::factory( $params );
// 2. Creating a session token using
$client->getSessionToken();
//3. Getting the file url using the
getObjectUrl();
Step 2: The result of the getObjectUrl is returned as a response to the ajax call
Step 3: Download the file using the pre-signed url which is returned as a response
My problem is that I would like to attach the return url to my current session so that if the url is copied or sniffed, the url will not work in another session such as an Incognito window.**