How can I enable all files on the server to be downloaded with cookies?

How can I ensure that files on the server must contain cookies in URLs before downloading them? Especially after PHP redirects to a real file (I tried the PHP method, but it cannot meet the requirements, even if the PHP access carries cookies, then redirect to the real file... how can I ensure that files on the server must contain cookies in URLs before downloading them?
Especially after PHP redirects to a real file (I tried the PHP method, but it cannot meet the requirements. What I need is that even if the PHP access carries cookies and then redirects to the real file, cookies are also required to download Real files)

For example:
Http://gdl.lixian.vip.xunlei.com/download? Fid = 0hR2BkWuxG + yu8/far + tcuZfzsSdkpa5AVaDBXss & mid = 666 & threshold = 150 & tid = Hangzhou & srcid = 4 & verno = 1 & g = Hangzhou & scn = t13 & I = f81530CFAD72E65FCEC49D9296B9015683057B2C & t = 1 & ui = 352085248 & ti = 749121079740928 & s = 27603848 & m = 0 & n = strong & ff = 0 & co = strong & cm = 1 & pk = lixian & ak = 1: 1: 6: 4 & e = 2000000000 & ms = 10485760 & ck = 7D925ECC1C9C2CD1098D37BAE3D249E3 & at = BFBB6AE6FDC257D3BC3A9FDBFAE45212
After cookies are verified, redirect:
Http://vod39.t6.lixian.vip.xunlei.com: 443/download? Fid = vlMMl5rBhEpw40dAJIWIAzFss/hybrid + VWah1LGOGJx68Tey & mid = 666 & threshold = 150 & tid = strong & srcid = 4 & verno = 1 & g = strong & scn = t6 & I = strong & t = 4 & ui = 346853248 & ti = 767920006498817 & s = 893529883 & m = 0 & n = Coding & ff = 0 & co = 907FCD65B217061FF4D04BDEBFBD25D5 & cm = 1 & pk = lixian & ak = 1: 0: 2: 3 & e = 2000000000 & ms = 10485760 & ck = 3C1C62B8C80D6C0C47C833D5A92DEF1D & at = D9AD4F55BC8C22C248A75E6E2459686E & k = 1 & ts =
You still need to bring cookies to download this file.
(The second url does not seem to be in PHP, because the actual address of the downloaded file is this, and no jump or redirection is performed)
(The url is just an example and cannot be accessed)

How can this be achieved?

The server is nginx/linux

Reply content:

How can I ensure that files on the server must contain cookies in URLs before downloading them?
Especially after PHP redirects to a real file (I tried the PHP method, but it cannot meet the requirements. What I need is that even if the PHP access carries cookies and then redirects to the real file, cookies are also required to download Real files)

For example:
Http://gdl.lixian.vip.xunlei.com/download? Fid = 0hR2BkWuxG + yu8/far + tcuZfzsSdkpa5AVaDBXss & mid = 666 & threshold = 150 & tid = Hangzhou & srcid = 4 & verno = 1 & g = Hangzhou & scn = t13 & I = f81530CFAD72E65FCEC49D9296B9015683057B2C & t = 1 & ui = 352085248 & ti = 749121079740928 & s = 27603848 & m = 0 & n = strong & ff = 0 & co = strong & cm = 1 & pk = lixian & ak = 1: 1: 6: 4 & e = 2000000000 & ms = 10485760 & ck = 7D925ECC1C9C2CD1098D37BAE3D249E3 & at = BFBB6AE6FDC257D3BC3A9FDBFAE45212
After cookies are verified, redirect:
Http://vod39.t6.lixian.vip.xunlei.com: 443/download? Fid = vlMMl5rBhEpw40dAJIWIAzFss/hybrid + VWah1LGOGJx68Tey & mid = 666 & threshold = 150 & tid = strong & srcid = 4 & verno = 1 & g = strong & scn = t6 & I = strong & t = 4 & ui = 346853248 & ti = 767920006498817 & s = 893529883 & m = 0 & n = Coding & ff = 0 & co = 907FCD65B217061FF4D04BDEBFBD25D5 & cm = 1 & pk = lixian & ak = 1: 0: 2: 3 & e = 2000000000 & ms = 10485760 & ck = 3C1C62B8C80D6C0C47C833D5A92DEF1D & at = D9AD4F55BC8C22C248A75E6E2459686E & k = 1 & ts =
You still need to bring cookies to download this file.
(The second url does not seem to be in PHP, because the actual address of the downloaded file is this, and no jump or redirection is performed)
(The url is just an example and cannot be accessed)

How can this be achieved?

The server is nginx/linux

The second may be PHP,

The implementation method is verification,

PHP verification: After PHP verification is complete, the file content is output. If the verification fails, the error message or the output is not displayed.

Do not jump to the file directly after verifying that the cookie is valid

It is unlikely that the Application Server rules can be controlled. Generally, the requests jump to the real address after php verification.

Verify first with an interceptor

I used to find someone to use C to write an Nginx extension.
Now we can use Lua for simple implementation.

Nginx can implement x-sendfile and set the download directory to internal.

Http://wiki.nginx.org/XSendfile
Http://kovyrin.net/2006/11/01/nginx-x-accel-redirect-php-rails/