So I am building an extranet.

My sessions are working correctly if the session username and password are not set correctly.

But once logged in, I have direct links to .pdf's and .doc's that are company sensitive. I am not sure how to make it so if they close the browser and copied the URL, that they just can't copy and paste it back and get right to the documents.

Is there a way to embed the pdf's in a php page or some other secure method?