If you want to limit access then put the pdfs above your public_html and access them via a script. You can add whatever validation in front of the following (which assumes that the name of the PDF file is in $pdf
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
header('Content-Disposition: attachment; filename="'.$pdf.'"');
header('Content-Length: ' . filesize("../$pdf"));
if you want the PDF to display in the page instead of being downloaded outside the browser.
Helping others to solve their computer problem at http://www.felgall.com/