
I'm attempting to implement a way to stop hotlinking and/or unauthorised access to resources within my app.

The method I'm trying to add is something I've used before in PHP apps. Basically a session is set when the page is first called. The images are added to the page via the image tag with the session value as a parameter:

<img src="/files/image/image1.jpg?session=12345" />

When the image is requested the script checks to see if the session is set and matches the provided value. If the condition is not met the serving page returns null. Right at the end of the code I unset the session so further requests from outside the scope of the page will return null.

What would be the best implementation of this method within the Lift framework?

Thanks in advance for any help, much appreciated :)

jahilldev

1 Answer


You could use a SessionVar for this purpose. In the SessionVar you’d store a Map[SessionImageId, RealImageId] and upon initialising the Session (i.e. when the page is first loaded) you’d generate some random SessionImageIds which you would map to the real image id. In your html you only expose the shadowed SessionImageId so no-one could trace back the image from the id. When the image is requested, you’d simply look up the real id in the Map.

Info: Exploring Lift, Lift wiki

Of course, if shadowing the ids is not important, you could simply use a SessionVar[Boolean].

Debilski
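The shadowed-id scheme from the answer, written out as an added example (this is not Debilski's code or part of Lift): a SessionVar holding the token-to-real-id map, a helper that mints a token while rendering the page, and a dispatch rule that serves the file only when the token exists in the requesting session. The image directory path and the ".jpg" naming are assumptions.

```scala
// Added example: per-session random tokens shadow real image ids, and the
// dispatch rule only honours tokens minted in the *same* session.
import net.liftweb.http._
import net.liftweb.common._
import net.liftweb.util.Helpers.randomString
import java.nio.file.{Files, Paths}

// token -> real image id, scoped to the current Lift session (empty when new)
object ImageTokens extends SessionVar[Map[String, String]](Map.empty)

object ProtectedImages {
  // Assumed location of the real files; adjust for the deployment.
  private val imageDir = Paths.get("/var/app/images")

  // Called while rendering the page: mint an opaque token for a real id and
  // return the URL to put in <img src="...">. The real id never reaches HTML.
  def urlFor(realId: String): String = {
    val token = randomString(32)
    ImageTokens.set(ImageTokens.get + (token -> realId))
    s"/files/image/$token"
  }

  // Look the token up in this session only; a token from another session,
  // or a guessed one, is absent and yields Empty.
  def lookup(token: String): Box[String] = Box(ImageTokens.get.get(token))

  // Single-use semantics, mirroring the "unset the session" step in the
  // question: drop the token once it has been served.
  def consume(token: String): Box[String] = {
    val id = lookup(token)
    id.foreach(_ => ImageTokens.set(ImageTokens.get - token))
    id
  }

  // Register in Boot.scala with LiftRules.dispatch.append(ProtectedImages.serve)
  val serve: LiftRules.DispatchPF = {
    case Req("files" :: "image" :: token :: Nil, _, GetRequest) => () =>
      consume(token) match {
        case Full(realId) =>
          // realId comes from the server-side map, never from the URL, so a
          // client cannot steer the path lookup with traversal sequences.
          val path = imageDir.resolve(realId + ".jpg")
          if (Files.isRegularFile(path))
            Full(InMemoryResponse(Files.readAllBytes(path),
              List("Content-Type" -> "image/jpeg"), Nil, 200))
          else Full(NotFoundResponse())
        case _ => Full(NotFoundResponse())
      }
  }
}
```

Single-use tokens defeat browser caching and break if the same image is referenced twice on one page; if that matters, keep the token for the life of the session (skip consume) and rely on the session scoping alone, which is the SessionVar[Boolean] variant the answer mentions.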