Ken Causey wrote:
It is a precondition script whose goal is to try to prevent access to an image unless you are viewing it embedded within a page of my site.
A simpler solution is just to look at your logs every now and then and bitch at people who are hijacking images ;-)
The closest I've been able to come to this goal is to add a value to the session within the page and check in the precondition script for the image that the value is defined. Although not ideal this works sufficiently.
I think that's about as good as it'll get, HTTP and HTML are not designed to do what you want them to...
Where I'm running into the problem I described above is that I wanted to exempt managers from the check for the session variable. The obvious way to do that seemed to be to check the role of the user.
Indeed, but that's a nigh-on impossible task given the way HTTP and HTML work together...
I welcome any alternatives you can suggest.
Hmmm, why do you care so much about these images being hijacked? cheers, Chris