hello,

I have some files should be accessed only by the logged in users of a website
I am using php and cookies to make sure only those who have logged in have access to the links to those images. This is a good first step.

Now, I am realizing that those link (such as <img src='http://example.com/image.jpg />) could actually be shared. For instance I could log in and copy the above link and email it to someone and the image would be seen by someone who did not log in.
How can I do to ensure that someone typing the example.com/image.jpg and who did not logged in would be automatically forwarded to another page?

I am using apache 2.2

Thanks

Well theres some good new and bad news.

Good news, what you want is possible. Since you're using PHP create a php file which takes a GET variable which is the file name. Move your images out of the web accessible directory. Set your PHP file to check if the user is logged in, if they're not throw whatever message you want, if they are get the PHP file to take the GET variable, open the related file using readfile() which will output it to the browser (remember to use header() to set the correct mime type) also don't forget to secure your GET input you don't want someone being able to read stuff that isn't an image.

Bad news, there's nothing stopping someone logging in, copying the image and emailing it to someone else.