Request values on ASP requested from SRC on another page

[David Logan]

Howdy

I am displaying an image on an ASP page using an <IMG Src=Image.asp>.
Image.asp delivers the image using BinaryWrite. This is done to keep
the images from being harvestable. My problem is I don't want
somebody to be able to come directly to Image.asp so I wanted
Image.asp to be able to get the Image to display from the originating
page.

Only problem is that in Image.asp the Request.Form collection is
empty. Is there some way that I can determine that the request is
coming from one of my pages and not somebody coming directly to
Image.asp.

I know that I could do this with a session variable but I don't want
to enable session state. Does anybody have any ideas?

Thanks

David Logan

 

[Patrice]

You could check the HTTP_REFERER variable that should be provided by most
browsers. It allows to see where is the calling page.

Patrice

 

[Roland Hall]

in message : You could check the HTTP_REFERER variable that should be provided by most
: browsers. It allows to see where is the calling page.

The HTTP_REFERER is not reliable and can be easily spoofed with a proxy.

--
Roland Hall
/* This information is distributed in the hope that it will be useful, but
without any warranty; without even the implied warranty of merchantability
or fitness for a particular purpose. */
Technet Script Center - http://www.microsoft.com/technet/scriptcenter/
WSH 5.6 Documentation - http://msdn.microsoft.com/downloads/list/webdev.asp
MSDN Library - http://msdn.microsoft.com/library/default.asp

 

[Patrice]

I agree this is not totally bullet proof but it should allow already to
prevent most direct requests for a minimal amount of work.

 

[Steven Burn]

Have you tried

If Request.ServerVariables("SERVER_NAME") = "<your server"> Then
'// show it.....

etc etc......?

--

Regards

Steven Burn
Ur I.T. Mate Group
www.it-mate.co.uk

Keeping it FREE!