您不会跟踪未登录的用户，而是跟踪已登录的用户.因此默认情况下，每个人都可以获取链接，因为您必须等待xx秒.如果清除cookie并开始新的会话，则您仍然是默认用户.

You dont track who is not logged in, you track whois logged in. So by default everybody gets the link for you must wait xx amount of seconds. If you clear cookies and start a new session, you are still a default user.

现在，当有人登录时，您可以输入经过身份验证的会话.然后在页面上显示您检查的链接.现在，如果该登录用户清除了他的cookie，他将再次成为默认用户，直到他再次登录.

Now when somebody logs in, you can put in the session that he is authenticated. Then on the page to show the link you check that. Now if this logged in user would clear his cookies, he would become a default user again untill he logs in again.

//not actual php code
if (authenticated) {
  //show direct download link
} else {
  //show link after xx seconds
}

如果您不想使用会话来跟踪已登录的用户，则可以使用其他方法，但大多数情况下并不需要，甚至不太安全.另一种方法是使用authenticate header或将信息保留在查询字符串中.在我看来，这两种方法都不太安全，但可以使用.

If you dont want to use session to keep track of logged in users, there are other ways, but most often its not realy needed or even less secure. Another way could be to use the authenticate header or keep the information in the query string. Both are less secure in my opion, but could be used.

现在，如果目标是阻止免费用户下载两个文件并需要等待第二个链接，则还可以通过将用户信息组合到某种哈希中来进行有根据的猜测，以确定其是否为同一用户. EG用户代理，IP地址，位置.这不会是100％准确的，但可以让您了解一个无需会话即可返回的免费用户.

Now if the goal is to prevent free users from downloading two files and need to wait for the second link, you can also make an educated guess if its the same user by combining user information to some sort of hash. EG user-agent, ip-address, location. This will not be 100% accurate, but could give you some idea of a returning free user without sessions.