Problems with automatic downloads and IE security warning

I have the following situation (simplified):

I have a script file.php?file=foo.pdf that is delivering files outside the document root (it has no html, it's just the download push script). Some files are protected by the script - in that case the user gets redirected to login.php. When successfully logged in, a session variable is set w开发者_如何学JAVAith the file the user wants to download. The user gets redirected to home.php where I create an iframe with the download source file.php?file=foo.pdf. When the script file.php starts to push the download it unsets the session-variable.

This works in Firefox, but in IE this gives me a security warning and the download gets blocked. If I click the bar and allow the download IE reloads the page. But as the session has already been unset the iframe is not generated and therefore the file gets not downloaded "again".

IE seems to really launch the first download but aborts its when receiving the headers. So I guess I have no chance to tell if a download has been aborted by the browser.

Does anyone have a solution to this? (I don't want a download button).

---

I may be wrong but did You tried to unset session variable after sending file to iframe? In that case its possible that when IE security check will hold download variable will still exists for next request

---

are you "target" ing an iframe in your download link?

Why don't you target="parent"? without html and a changed mime header ( I assume octet stream or force downlaod ) your page will not be overriden and your download will be successful.

---

After going nuts with this (thanks for the responses, but none of them solved the problem - IE is setting Cookies on the download request, but is blocking the download afterwards), I tend to think the only method to deal with this is to offer a download page where the user can active click on the download link (or at least some kind of download overlay).