- Store the files in a non-public accessible location, but one that can be read by scripts
- write a script that authenticates (logs in) the user; on authentication of the user, the script OPENS the file and prints it to the browser. This is not the same as a simple URL or redirect; open the file and print.
- Make the script check for some sort of expire mechanism - one view, or a time based expire, for example.
Additionally you can password the PDF and supply the pass to the user, but this is not air tight and has been known to be "hackable" for the truly determined.