But anyway ... put your .js crap in a .asp file instead. You'll reference it just like you did the .js but with one exception: .asp is dynamic and you can control who can see it.

So here's the idea ... set up a database first. When a visitor comes to a page on your site, immediately generate a random number and write it to the database. Base the number on their IP address or something to keep it VERY random.

Now - when you get to the part where you include the .js (now .asp) file, make it .asp?id=the_random_number

Within the ASP page do a quick check - get the ID= from the querystring and check to see if it's in the database. If it *IS*, delete it from the database and show the content of the page. If it IS NOT, then someone is trying to access the page without being brought there by the proper means - redirect them somewhere else or show them something bogus.

I wouldn't do this with MS Access because of the amount of read/write/delete it needs, would slow it down a lot ... but it would work fine in a SQL database.

Brillant!

Do you see any reason it wouldn't work with a txt file? No particular reason for asking other than I'm trying to grasp as much as I can and I'm still on the learning curve.

Thanks

I'm an MS/IIS guy myself (hence the ASP answer) and I've often changed the server settings to allow .html to execute ASP code as if it were a .asp page.

This isn't necessary, but people will wonder how the hell you're doing it :)

A text file is too slow. I did think of another way you could do this without the database - I'm pretty sure this would work with IIS/ASP, but I don't know if it would work with your OS.

If you have the ability to set a session variable, give this way a try. Your .js page would still need to be .asp for this to work, but roll with me here.

On your main page, set a session variable called DisplayJS and make it True. In your .js (asp) page, look for the DisplayJS session variable. IF IT IS TRUE, set the session variable to FALSE and show the JS code. Every page that pulls that .js file will need to set DisplayJS as True, and every time the JS file will set it back to false.

This would eliminate the need for a database ... if your user tries to go to the page containing the Javascript code, it won't show it to them because the DisplayJS variable is not TRUE. It only becomes TRUE when a web page on your site makes it that way, and it IMMEDIATELY becomes false as soon as the page containing your java code is accessed so they can't surf to it.

Good question and the first one I had when using a seperate "Script" folder for the js files.

When the user looks at the source code for the index page (or whatever pae is calling the js file) what they see is the line of code that calls the js file.

And why the heck would you want to keep .js hidden in the first place?

Probably saving the cache would work, but I figure that would be someone with more knowledge than the casual user.

The reason I am trying to get a handle on how to keep files from being downloaded is mainly because it is something I don't know anything about and it seems to be a good way to learn more about how all the pieces fit together. That and I'm putting email addresses in the js files and trying to make a folder as inaccessible as possible to spam spiders.

I could very well be going down the wrong path and if there are better solutions I'm certainly open.

As for the spam concern: js is most definitely a good tool there. Perhaps that could be another thread... we could see what else people are doing!

When doing a View Source the js code doesn't appear. The only thing that does appear is the call to the external js file. I thought when referring to saving the cache that it meant something else, not "File-Save".

Did not know that.