Daniel Solin at ONLamp has a cool little PHP tutorial up about creating one-time URLs. The concepts and code are clear, but I think the best part of the article is the Summary/what to do for a live implementation:
This article has presented a quick tip of how you could generate URLs that only can be used one time. It should be said, however, that for a real implementation of this function in a business environment, there are a few additional considerations to take. When the number of active keys grows past a few hundred, is it a good idea to read the whole file directly into memory? Is it wise even to store them in a plain-text file in the first place? Maybe a MySQL database would be a better choice? Additionally, consider the possibility of getting tokens “hijacked” directly from the
urls.txtfile. For getting this 100 percent secure, you either need to protect the file by setting very restrictive permission on it, only allowing the user executing your PHP scripts to read it. Or, you can simply dump the plain-text solution, and convert to a SQL-database instead.