Generating Private, Unique, Secure URLs

萌比男神i 2021-01-31 22:06

I'd like to generate a secure one-click-access type of url similar to the examples below. I'll be using PHP but that is irrelevant as I'm just looking to understand the under

7 answers
  •  面向向阳花
    2021-01-31 22:26

    If you want to ensure that the URL is both unique and can only be used a limited number of times:

    • Keep a small database with fields like: RandomKey, InternalURL, Counter, TimeStamp

    • Create a random number out of a large enough pool.
      Non-sequential GUIDs should be sufficient.

    • Save it in your database as the RandomKey, along with the actual internal URL or resource code needed by your system to handle that URL and a time stamp.

    • When the user clicks or enters a URL, check it against that database: if the TimeStamp is too old or the Counter is too high, take appropriate action (for instance if you want this URL to be accessible for a limited time or a certain number of times).
      Otherwise, just treat the request using the InternalURL and send its result back to the user.

    • When the URL has been used or has reached its maximum use counter, then just delete it from the database so it cannot be used any further.

    This is great to give you one-time URLs that are practically impossible to guess.

    Of course, you must also implement some security checks to limit the rate at which people can try to access an invalid URL.
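
The table and checks described in this answer, as an added example (not code from the answer's author or from the original page). It assumes Python with an in-memory SQLite database, draws the key from the OS CSPRNG via `secrets` rather than a GUID, and the `MAX_AGE`/`MAX_USES` limits and function names are hypothetical.

```python
import secrets
import sqlite3
import time

MAX_AGE = 3600  # seconds a link stays valid (assumed policy)
MAX_USES = 1    # 1 makes the link single-use (assumed policy)

def open_store():
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE links (RandomKey TEXT PRIMARY KEY, InternalURL TEXT NOT NULL,"
        " Counter INTEGER NOT NULL DEFAULT 0, TimeStamp REAL NOT NULL)")
    return db

def create_link(db, internal_url, now=None):
    """Store a link and return its key: 32 random bytes, URL-safe encoded."""
    key = secrets.token_urlsafe(32)
    with db:
        db.execute("INSERT INTO links (RandomKey, InternalURL, TimeStamp) VALUES (?, ?, ?)",
                   (key, internal_url, time.time() if now is None else now))
    return key

def redeem_link(db, key, now=None):
    """Return InternalURL for a valid key, else None (unknown, expired, used up)."""
    cutoff = (time.time() if now is None else now) - MAX_AGE
    with db:  # one transaction: commit on success, roll back on error
        # Claim a use atomically: the UPDATE matches only a fresh, under-limit row,
        # so two concurrent requests cannot both redeem a single-use key.
        claimed = db.execute(
            "UPDATE links SET Counter = Counter + 1"
            " WHERE RandomKey = ? AND Counter < ? AND TimeStamp >= ?",
            (key, MAX_USES, cutoff)).rowcount
        if claimed != 1:
            # Purge the row if it exists but has expired; no-op for unknown keys.
            db.execute("DELETE FROM links WHERE RandomKey = ? AND TimeStamp < ?",
                       (key, cutoff))
            return None
        url, used = db.execute(
            "SELECT InternalURL, Counter FROM links WHERE RandomKey = ?",
            (key,)).fetchone()
        if used >= MAX_USES:  # last permitted use: delete so it cannot be replayed
            db.execute("DELETE FROM links WHERE RandomKey = ?", (key,))
        return url
```

Rate limiting of failed lookups, which the answer also calls for, sits in front of `redeem_link` and is not shown here.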
