Setting session variables

Chuck Anderson <websiteaddress@seemy.sig> wrote:

>Can session variables be set in a plain HTML file (e.g., with meta tags)?
>(I've been looking, and I haven't found a way to do this, so I'm
>guessing it is not possible. ??)
>
>I am trying to control access to images on my web site by setting a
>session variable on pages that contain <img> tags. I have already
>converted to using a php script in place of the image file name as the
>src attribute to serve the images. I'd like the Php script to verify
>that a session variable has been set first. The problem is that these
>HTML files all predate my usage of Php, so they are all plain HTML
>files. That's why I am wondering if it is possible to set a session
>variable in "plain" HTML (I'd like to avoid cookies as they can be denied).
>
>I'm pretty sure that I can use an .htaccess file to redirect all HTML
>files - in that directory - to a php script that sets a session var and
>then redirects to the HTML file, but I wondered if there was a simpler
>method that allows me to set session variables from within a plain HTML
>file.

Hi, Chuck. Yes, what you want to do can definitely be done, but not
without making a few changes. Like everything else you do on the
back-end it increases server load some slight amount, but you may
regain that cost plus a bunch on bandwidth. The details are
nontrivial so I suspect that I might be making a mistake by answering
your first question. <g>

Go here first and you will get the anti-hotlink version,
http://www.ren-prod-inc.com/random_p..._composite.jpg


If you go to the url below you will get the product description then
if you click the picture you will get the actual photo associated with
the above link. If you stop doing browser stuff at that point and do
a refresh, the photo will be refreshed. But after 2 minutes your
session times out and further refreshes will display the anti-hotlink
version,
http://www.ren-prod-inc.com/random_p...duct=pipe_0093

This is done with session variables, though not the standard PHP
variety. I am paranoid about those guys, I've been using their
interpreter for a while now, and if they were to change the format of
stored session data that would break a bunch of code (and it's just
the kind of thing that could happen) so I use a different format.

Anyway, nothing on the referenced site uses cookies or client-side
scripts, everything is done on the back-end.

[I would appreciate not getting a critique of the site's html
conformance, I am not asking for that to be critiqued because it needs
much work that I haven't had time for. I have the base code done and
after building the forms-plugin and the anti-hotlink-plugin I've been
working on the automatic-link-checking plugin and when I get done with
that I need to add membership-products and bill-of-materials handling
and then I might turn the "store" aspect of the engine into a
store-plugin and add some other stuff before starting the CGI rewrite
of the whole bidness. At some point things will slow down enough for
me to worry about html conformance but at present it's the least of my
worries.]

What you want to do can be done entirely server-side. It is not
trivial and using those hokey .htaccess override thingies isn't, at
least in my opinion, the way to go.

I'm willing to try to answer some of your questions about how to do
it, but time is at a huge premium these days. Here is a url to the
manual section that describes the functionality, perhaps it will
provide a starting point to answer some of your how-to questions:

http://www.ren-prod-inc.com/hug_soft...ction=887NP4G3

Oh yeah, then there's the doc, gawd knows when I'll ever get that
completed. Have faith Chuck, you can do it, it's just not trivial.

--
contact via http://www.ren-prod-inc.com/hug_soft