Expired user still able to download

[TC7]

Try the following:

Log in to the frontend of your site to be able to download (downloads for registered users).

When you click on a link, you will receive the download. That works fine.
Leave this window open and open a new tab or window.

Now in the new windows or tab go into the Administrator backend and 'logout' the user account you just used to test download.

Go to your window or tab in which the frontend of your site is still open and DO NOT refresh the page.

The situation I created here is an example where a user might have logged on to the site and downloaded a file but left his window open. Ofcourse the user will get expired over a certain amount of time.

Now here's the catch!
When I click the download link again I still get the file. Since the user is logged out this shouldn't be happening.

It should check each time when a user clicks on a link, if that user is logged in.

How do I resolve this ? I tried already but either I get a blank page or I can generate an error page using JError::raiseError. But I want a clean redirection or error message.

Any ideas ?

[TC7]

Noone has an idea to fix this?

[PGP_Protector]

I'd bet it has something to do with the cookies.
You logged them out, but their Login Cooking never got reset.