elftbrm,

The usual (ineffective) solution is to try to block by HTTP_REFERER. It does not work because right-click-saves don't provide a referrer, and neither do requests from media players or bookmarks. But, if you block those blank referrers, then you break your site for visitors who are behind ISP or corporate caching proxies, causing bad user experiences and potentially massive "support" work.

The effective solutions generally require the use of a cookie aet by the page on your site from which users are allowed to access your content, and a script that checks for the cookie before serving that content. A direct link to the script won't provide the proper cookie, so hotlinking won't work.

Jim

Thank you for the reply. Now I understand why the code wasn't working. But it is all still very new to me. Could you please explain to me what a cookie aet is, and how would I go about actually using it.

Thanks

Yes, "a cookie aet" is "a cookie set" misspelled or with a missed-the-key-and-hit-the-one-next-to-it typo in it. Oops! ;)

... effective solutions generally require the use of a cookie set by the page on your site...

Jim

Thanks again...oops, I should have caught that myself. So I would have to set a cookie up and then set up a script that world not serve the content if the cookie isn't present? If this is right, where could I read up about making a cookie for my site. And also making the script. Totally clueless here, but I'm a quick learner.

Well, here's the original recipe for cookies: [wp.netscape.com...]

You can set cookies in many ways; by appending a header on the server side using a script or mod_headers, or by including client-side code (such as JavaScript) in the page you want to set the cookie.

After a cookie is set, the client (browser) will send the contents of the cookie with every request to the server (and only to the server that set it in the first place). The server can then check the cookie for name, scope, value, and validity -- whether it has the proper contents and whether it has expired. This can be done using server-side scripting or even by mod_rewrite. A cookie is nothing more than a small file stored on the client side that contains information to be included in the client request headers sent to a specific server.

There are basically hundreds of ways to set up and test cookies, and so you may want to find the methods that you are most comfortable with and that will accomplish what you need to do. Use a search engine to look for ways of setting and testing cookies with the server and scripting languages you are most comfortable with. There are also several threads here at WebmasterWorld about cookies. There may be tutorials and pre-configured "packaged scripts" you can get or buy... I'm not sure, since I haven't looked.

Jim