Thanks rehfeld,
I am setting $_SESSION['logged_in'] = true
I've been trying all afternoon to get this but I am determined not to fail. I think maybe my script is becoming out of control so I am trying to clean it up.
I tried files inside the doc root and outside it with unreliable results. At the moment, firefox shows images on my localserver but IE6 doesn't...once again, maybe my fault.
I will try your htaccess suggestion and see how it goes.
Brad
Preventing direct image link?
Moderator: General Moderators
your checking if it is equal to string true, but it is prob boolean true
and if you getting erratic behavior betyween browsers, it is usually a cookie problem, which translates to a session problem
are you using subdomains?
also, are some of the links on your site like:
http://example.org
while others have www in them like:
http://www.example.org
BOTH of those situations can require special session settings
Code: Select all
<?php
// if this is how your setting it:
$_SESSION['logged_in'] = true; // no quotes around true
// then to test it
if (empty($_SESSION['logged_in'])) {
exit;
}
// just make sure you dont set the session var at all unless they are logged in,
// no $_SESSION['logged_in'] = 'false'; kinda stuff
// or if you want to be more strict
// notice how im not comparing it to 'true', im using true
if (empty($_SESSION['logged_in']) || $_SESSION['logged_in'] !== true) {
exit;
}
// also notice the use of !==
// that makes sure it is of the same data type.
// so the only way it would pass that test/check is if its of type boolean
?>are you using subdomains?
also, are some of the links on your site like:
http://example.org
while others have www in them like:
http://www.example.org
BOTH of those situations can require special session settings