Hi,
I have setup a file that is located outside the public html folders and use drupal's private file download method. If I'm not logged in and enter the url of the file, I get "403 Access Denied", which is correct.
Now I log in, start the download, stop it halfway through and then log out of my drupal site. Now I resume the download and it still continues. This works even if I close my browser, restart it and then resume the download.
Somehow I would expect that resuming the download should not be possible once I have logged out. Or is this an incorrect expectation?

Comments

pomliane’s picture

Status: Active » Closed (won't fix)

This version of FileRequest is not supported anymore. The issue is closed for this reason.
Please upgrade to a supported version and feel free to reopen the issue on the new version if applicable.

This issue has been automagically closed by a script.