E.G.
(edit)
I titled it with readfile, so I should I suppose elaborate
psuedo(ish)code
Code: Select all
$uniqid = $_COOKIE['tracking'];
if (!ValidUserInput($uniqid)) {
unset($uniqid);
}
if (!isset($uniqid)) {
$uniqid = CreateGUID();
}
setcookie('tracking', $uniqid);
header('content-type: image/jpeg');
readfile('test.jpg');Code: Select all
http://notmysite.com/picture.php&image=test.jpgwhat I'm having problems with is if that image is in an IMG tag it will not send the cookeis, is this normal behavior, and where perhaps would be some documentation on the reasons why, I kinda figured it was a security or privacy issue.
But the next thing I can't understand is that the client agent WILL provide previously set cookies to the script, so logging of the uniqid is still valid.
I'm using this in a cross site situation, but Its fair to guess it will not set the cookies if brand Z is in fact the same host.
So once more.
If new user X visits the site and gets the cookie, and then at website brand Z sends him a hotlinked IMG I get the previously set cookie and can log the traffic as X
If new user Y visits website brand Z which sends him the hotlinked IMG - the cookie is not sent, I end up creating a new id butI cannot set one for him. and traffic is still logged under the new id (which gets created each time there is no id present)