Posted by Sig on 01/05/08 04:54
On Fri, 4 Jan 2008 10:14:25 +0000 Toby A Inkster said
> Sig wrote:
>
> > You overlooked what I said about the session variable. Perhaps I should
> > have mentioned that the session variable is set under password control
> > on a previous page.
>
> No, I did not. The session variable is simply a cookie as far as my
> browser is concerned.
>
> If I've acquired this cookie -- and we can assume that I have, given that
> I've seen the image via an <img> tag (that's the entire premise of this
> thread) -- then my browser can (and by default will!) send the cookie when
> making a direct request for the image.
OK, I now see that our disagreement is philosophical rather than technical. If
we hold the world constant (including session variables) you are correct. If we
want a way to hide an image from unauthorized viewers, then I am correct.
I don't say I solved the OP's problem; he did say:
> To put
> it another way, is there a method to allow an HTML script in the document
> root to see an image (or file or whatever) and still prevent access to
> that resource?
I think my approach does that. He said nothing about holding the world
constant, and I assumed it was unauthorized viewers he wanted to prevent.
--
http://koiclubsandiego.org/comment/?r=8
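
The two positions in this thread, side by side, as an added example that is not part of the original posts: a gatekeeper that serves the image only to a session set under password control, which blocks viewers without a session but cannot distinguish an `<img>` load from a direct request carrying the same cookie. The names `login`, `serve_image`, `SESSID` and all sample data are assumptions made for the illustration.

```python
import hmac
import secrets
from http.cookies import SimpleCookie

# Constructed sample data: one password and a stand-in for an image file
# that would be stored outside the document root.
PASSWORD = "constructed-sample-password"
IMAGE_BYTES = b"\x89PNG constructed sample image bytes"
SESSIONS = {}  # session id -> session variables, held server-side only


def login(password):
    """The 'previous page': set the session variable under password control."""
    if not hmac.compare_digest(password.encode(), PASSWORD.encode()):
        return None
    sid = secrets.token_urlsafe(32)  # unguessable session identifier
    SESSIONS[sid] = {"authorized": True}
    return "SESSID=" + sid  # what the browser stores and replays as a cookie


def serve_image(headers):
    """Gatekeeper script: the only route to the image bytes."""
    jar = SimpleCookie()
    jar.load(headers.get("Cookie", ""))
    morsel = jar.get("SESSID")
    session = SESSIONS.get(morsel.value) if morsel else None
    if not session or not session.get("authorized"):
        return 403, b""  # no session, or a forged id: the viewer is refused
    # Referer is ignored on purpose: the browser attaches the same cookie to
    # an <img> load and to a typed-in URL, so the two cannot be told apart.
    return 200, IMAGE_BYTES


if __name__ == "__main__":
    cookie = login(PASSWORD)
    page = {"Cookie": cookie, "Referer": "https://example.invalid/gallery"}
    direct = {"Cookie": cookie}
    print("no session:      ", serve_image({})[0])
    print("forged session:  ", serve_image({"Cookie": "SESSID=guess"})[0])
    print("via <img> tag:   ", serve_image(page)[0])
    print("direct request:  ", serve_image(direct)[0])
```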