I have developed a simple security scheme that stores a cookie on the users
machine and then uses a small script at the top of each page to check that
cookie for authorization before serving the page. The problem I run into
is that I want to return a .PDF file to the client but obviously I can't
put my code into the file. How can I make sure that a user has access to
a certain .pdf (or any binary file for that matter) without resorting to
NTFS permissions?

Thanks

Dana