John Allsopp wrote:
Well no they are not logged in, it's just an embedded iframe so that's
my main issue with my method, anyone could look at the web page source,
pinch the URL of the iframe and they'd have the username and password.
I think the only way to do it is to make a key per referring url and use
the key as a get variable.
Either the referring url matches the key or it doesn't.
That should work with an object/iframe embedding of a resource, browsers
by default send the referrer header.
A user may turn that off in a browser, but if a user turns that off, the
user is denied the resource because they changed a default setting. Kind
of like how I don't get some resources when I turn JavaScript off.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
