Rather than create a random directory name, create a link name which encodes expire time and possibly a small numeric key for security (serial number or partial MD5 or whatever). It is then easy to expire access by examining the link names, pulling out the expire time and deleting the link as appropriate. That even scales very nicely to selling n days worth of access.
There is a hint "keep track of which one is still valid to be "sold"" that only one user may have access at a time. If that is the case the link name should include the target dir name so you can search (using readdir for example) to see if the material is in use or not.
DWIM is Perl's answer to Gödel