I've cloned my site to my dev area and created a new event and upload two files via backend upload. One pdf file and one zip file (which contains the pdf file).
There is a crucial difference between the original page and the test page. On the original page I force the use of https via server configuration (not Joomla Configuration!). On the test page the download works as long as I access it via http. If I switch to https there, the download won't work there either.
Thank you for your pictures.
As it look, you configure the force-ssl on the server via the web-interface of your webhosting provider?
So a first problem description may be:
If you are on the https page and you click on the download link, something is requesting the pdf via http. Following that, either now the session token is wrong, or the browser blocks the download cause of unsecure connection. I think the problem with the token is more likely.
Yes, I force the using of ssl via the server configuration from my webhosting provider.
You can access my test site with or without ssl. When your accessing it with ssl / https, you'll have the same error when downloading the attachment. So the forcing should not be the problem, the encryption seems to be the problem.