On Fri, 2003-09-05 at 07:47, Chris Withers wrote:
Ken Causey wrote:
Indeed, but that's a nigh-on impossible task given the way HTTP and HTML work together...
I don't understand why. In the past I have made such checks in DTML and ZPT pages and it seemed to work fine. Is it not a common task to have a page that has different behaviour based on the roles of the user?
HTTP is stateless. It has no notion of whether or not the request for an image is within a page or not. Yeah, you can set a session variable or some other sort of cookie, but if your image is anonymously viewable, that may well not help you.
Thanks for your continued explanation. Now that I think about it the example that I'm thinking of required authentication to view the page at all which explains why role information was available. In this case as you are aware I'm trying to have a mixture of anonymous and authenticated and clearly that's where I'm running into trouble. Sorry for my slow understanding. Ken
Chris