Closed. This question is opinion-based. It is not currently accepting answers. Want to improve this question? Update the question so it can be answered with facts and citations by editing this post. Closed 8 days ago. Improve this question I'm currently implementing protected downloads on our site - users provide their email + some other details to receive a download. At the moment our solution relies on downloading a cookie to the users device once they have signed up, which the site will check to determine if they can access the file. This is not an ideal solution though - if the user deletes their cookies or tries to access the files from another device they will be prompted to provide their details again. Not very user friendly especially with double opt in enabled (we're using mailchimp to add to a mailing list). Alternatively we could forget the cookies and simply provide a direct link to the file in the signup confirmation email. It would have to be unindexed by search engines and the link to the files could be shared freely, but it would be a more consistent experience for the user. So my question is, what is considered best practise for protected downloads? What solution do you use and why?