Another similar option is to use a single-use random value (not
encrypted), that gets invalidated after it's served back.
You can save the random value on the (non persistent) session
(server-side), and serve the PDF only if the correct random value is
provided.
Once a random value has been used, it's cleared (single-use).
In any case where the wrong value is provided - recreate a random value,
save it on the session, and redirect to the PDF with it (same behavior
as when the token isn't provided at all).