I recently saw this feature on another site where it would server media files, like uploaded images, only when the user is logged in. It would throw an "ACCESS DENIED" page otherwise.
So, I experimented with curl and realized that based on the cookie value it validates if the user is logged in.
Now, on my site the cookie is in this format JSESSIONID=BB053D82D4FBA3AA62892A05782A7E77;
Now, Is there a way where I can make Apache verify the cookie value and then serve the media content for my site?
I know I can use RewriteCond and RewriteRuleto redirect all media content to a servlet which can authenticate the user and then send the content as response.
But I wanted to know if there is a way where only Apache can handle it.
