Cache-manifest a login-protected page

Question

How can I have a user authenticate and then download an offline application created specifically for them?

I'm creating a public/private key encryption system for offline use and each user needs to be able to login and "download" their encryption/decryption page (app.php) using a form. This form dumps them on their app.php page, served up with a cache-manifest file. The application needs to store their encryption and decryption keys locally to be used via Javascript. Accessing this page (app.php) without any login information should return an error page. Any updates are made via ajax to api.php and stored in localstorage, so physically downloading the page and saving it somewhere won't work (localstorage doesn't work on local files).

Here's my cache-manifest.php file:

<?php header("Content-Type: text/cache-manifest"); ?>CACHE MANIFEST
# v1.2
app.php

NETWORK:
api.php

Refreshing the application after logging in to it (via a POST request) leads to the error page being displayed instead of the browser loading the cached application.

EDIT:

I suspect the POST request has something to do with the lack of caching. Watching firebug during the initial download progress shows:

POST app.php 200 - Includes the application to be cached
GET app.php 401 - The error page - this is being cached instead

Answer 1

The POST request was the problem, so I had to create a unique download link for each user, then redirect them to that link. The link needs to be able to be hit at least twice from the browser, so I gave each link a timeout of 1 hour before invalidating it. The cache-manifest file also had to be modified with the unique url:

http://.../app.php?instanceid=(md5)

<?php header("Content-Type: text/cache-manifest"); ?>CACHE MANIFEST
# v1.2
app.php?instanceid=<?php echo $_GET['instanceid']; ?>


NETWORK:
api.php