Send Headers + Display Image

Question

I don't think this is possible but I'm going to ask here and see what people think. Programming language is irrelevant (I'll use PHP for this example), I just would like to do this someway.

I have a file on one of my domains (different server) and in a PHP file (for example) I need to somehow inlude that file (probably using header(Location:)) so that the cookies from it are set on the users browser, and then display an image afterwards/before using either the GD library or file_get_contents.

Answer 1

I guess what you want to do is protect your images from being accessed when somebody is not logged in. Your setup seems to be a.com/session.php needs to check authentication for an user to access b.com/image.jpg. I don't think this is possible in the way you described it.

What you can do:

• Put session.php and image.jpg on the same file system and read image.jpg through session.php. Bad PHP overhead here!
• Use a more cryptic file name for b.com/image.jpg that cannot be guessed easily. The file will can only be accessed by somebody who knows the url. All the big guys do that (facebook, flickr).
• Install a second authentication mechanism on b.com (e.g. HTTP basic authentication). HTTP-Redirect from a.com/session.php with appropriate headers. This is also PHP Overhead and an additional HTTP request for the user. Not sure if this works in all browsers for embedded images.
• Install user certificates and authenticate users over HTTPS at b.com.

There is certainly more, but you should probably go with cryptic and long file names. They are easy to implement and once a trusted user has seen an image, he can do whatever he likes with it e.g. upload it somewhere else. Your images aren't safe if you put them online for others to see anyways.