Hot links waste our bandwidth and skew the website statistics.

This is a cookie-based defense against hot linking that does not rely on javascript or the referer. This is a more robust approach for some purposes as solutions based on monitoring the value of $_SERVER['HTTP_REFERER'] can break the behavior of certain <embed> objects in IE.

By default the defended resources remain accessible to visitors only during a session in which they have first visited the webpage that refers to those resources. For a quick test, try to view this "hot link" to a defended image. Now try again after visiting the referring site

To test it more fully try this:

1. visit http://michaelthompson.org/gump/
2. bookmark the location of one of the images
3. exit the browser
4. open the browser
   (you may need to clear the cache at this juncture depending on the configuration of your browser)
5. use the bookmark to go directly to the image without first visiting the referring page

Download a copy of the project then extract .chill and chill.php in the directory you want to protect.

Edit .chill to suit your own preferences and requirements. You will at least have to set a value for the variable ipath to correspond to the actual location of the defended resources. The best practice is to place them outside of the webserver's directory structure.

Include code equivalent to the following in the source file that refers to the resources you want to protect. This code must come before any other output as we are going to set a cookie:

<?php @require_once('.chill'); chilled(true); ?>

Edit the tags in your source files such that the resources you wish to protect are prefaced by the call to chill.php like this:

<img src="chill.php?uri=myimage.jpg">

Now you can chill out ;-)