[albatross-users] Newbie question
Andrew McNamara
andrewm at object-craft.com.au
Fri Jul 4 20:52:09 EST 2003
>I can do it the bad way by generating an expression that is an img tag
>such as "<img src=.../genimg?imgtype=1&var1=foo&var2-bar>". This
>involves going through the locals and generating the arguments from
>that - and adding some other ones, in this case imgtype.
That suggests to me that you're using the hidden field session mixin -
if you use a server side session mixin, the session will be available
when the image is loaded (just be aware that the browser will probably
try to load multiple images at the same time, resulting in multiple
processes accessing the one session, which can cause a mess).
A similar problem occurs in applications using frames - it can be done,
although more care than usual is needed (all frames dispatch through one
albatross page, with a hidden field in each frame signalling to the app
which is being loaded).
The alternative you suggest is okay - I've used it in apps. If security
is a problem, you can use md5 hashes to create a hard to guess expression.
Greg Bond's suggestion is also a good one which I've used in Albatross
apps before: the main application generates all the images and places
them where they can be fetched as htdocs (rather than cgi). Again, md5
hashes can be used to obscure filenames. Some mechanism will be needed
to clean the files up after use (older than 5 minutes, etc). This option
will result in less load on the web server.
--
Andrew McNamara, Senior Developer, Object Craft
http://www.object-craft.com.au/
More information about the Albatross-users
mailing list