We have several occasions where we allow an authenticated user to upload a file to be displayed on the website. Usually they are attachments to a newsletter, job posting, etc. We upload the files to a subdirectory on our web server and store the filename in the database with the other relevant fields for the entry. Is there a way where I can secure that folder so only authenticated users on my website can access them?
These sites are written in PHP, ASP, and ASP.NET and the authentication is mostly a login page that stores the info in a session variable, and then secured pages check for the existance of the session variable before loading. I'm sure there's a short name for that.