Milad Ghiravani

Reputation: 1683

Authenticate user on another server, then give access to download a file

I have 2 servers for one site. The first server has PHP and MySQL, but the second server only has PHP (it is the download host). My site sells videos, and because the first server is restricted (monthly traffic and space), I need to upload the videos to the second server. All videos must have dynamic links, and all links must be disposable.

Example:

  1. User1 bought video abc; this user has the link below to download: http://example.com/1enewk3hd (refers to http://example.com/files/video_abc.mp4)

  2. User2 bought video abc; this user has the link below to download: http://example.com/sddfse445 (refers to http://example.com/files/video_abc.mp4)

  3. Users must not be able to download the video by the real link http://example.com/files/video_abc.mp4

My Questions

  1. Is this scenario possible on 2 servers (without MySQL) using PHP and htaccess?

  2. If yes, please guide me on the best way to authenticate the user on the second server and then give access to download the file (without MySQL).

  3. On some sites, when a user is logged in on server 1, they can download from server 2. If they log out from server 1, they can't access server 2. How is this done? We can't use the session from server 1 on server 2!

Upvotes: 0

Views: 431

Answers (1)

coding Bott

Reputation: 4357

Let the first server do the authentication. On the first server, create links which are valid for x minutes. Protect the link against manipulation with a hash.

hash=sha256(validuntil+shared secret on both servers)

Sample: https://server2/video_abc.mp4?validuntil=2017-08-07_160000&hash=ABC123EF5244

(In my sample I would also use mod_rewrite for a nice URL.)

Now redirect the client to the new server with the generated link. A PHP script validates the query parameters "validuntil" and "hash" by using the shared secret, then checks whether validuntil has expired or not.

If not, stream the file. Do not place the streamed files in the webroot. They are sent by the PHP script with readfile, or by your web server if you are able to use the X-Sendfile header.

Upvotes: 1
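
The scheme from the answer above, sketched in PHP as an added example (not the answerer's code). It deviates from the posted formula in three labelled ways: HMAC-SHA256 instead of sha256 over a concatenation, the file name included in the signed data so a link for one video cannot be reused for another, and a Unix timestamp for validuntil. The names download.php, SHARED_SECRET, VIDEO_DIR, make_link and check_link are assumptions.

```php
<?php
// Added example: the secret, paths and function names are assumptions.
const SHARED_SECRET = 'replace-with-long-random-secret'; // same value on both servers
const VIDEO_DIR = '/srv/videos';                         // outside the webroot (assumed path)

// Server 1: after authenticating the buyer, build a link valid for $ttl seconds.
function make_link(string $file, int $ttl, ?int $now = null): string
{
    $validuntil = ($now ?? time()) + $ttl;
    $hash = hash_hmac('sha256', $file . '|' . $validuntil, SHARED_SECRET);
    return 'https://server2/download.php?' . http_build_query(
        ['file' => $file, 'validuntil' => $validuntil, 'hash' => $hash]
    );
}

// Server 2: return the local path if the link is authentic and unexpired, else null.
function check_link(array $query, ?int $now = null): ?string
{
    $file = $query['file'] ?? '';
    $validuntil = $query['validuntil'] ?? '';
    $hash = $query['hash'] ?? '';
    if (!is_string($file) || !is_string($validuntil) || !is_string($hash)) {
        return null; // reject array parameters such as hash[]=x
    }
    if ($file === '' || $file !== basename($file) || !ctype_digit($validuntil)) {
        return null; // no path components, numeric expiry only
    }
    $expected = hash_hmac('sha256', $file . '|' . $validuntil, SHARED_SECRET);
    if (!hash_equals($expected, $hash)) {
        return null; // forged or tampered parameters (constant-time compare)
    }
    if ((int) $validuntil < ($now ?? time())) {
        return null; // link expired
    }
    return VIDEO_DIR . '/' . $file;
}

// download.php on server 2 (this part only runs when served by the web server).
if (PHP_SAPI !== 'cli') {
    $path = check_link($_GET);
    if ($path === null || !is_file($path)) {
        http_response_code(403);
        exit;
    }
    header('Content-Type: video/mp4');
    header('Content-Length: ' . filesize($path));
    readfile($path);
}
```

The signature is checked before the expiry and before any filesystem access, so only file names that server 1 actually signed ever reach `is_file`.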
