I'd like to protect the images (for example, private photo gallery) with a users log-in. I don't use htaccess (because of usability: you cannot log out, design is shitty, ...) but instead a php/db login + session for authentication. This works well for my own PHP scripts.
However, the photos are note protected if you enter the specific URL (as they would be with htaccess authentication).
The question is: [how] can the photos/images be protected in the same way? It would be perfect to have a rule like "for all images, call 'session.php' first".
Note: I cannot deliver all images via a PHP script (like getimage.php?img=photo123.jpg) because I also use external scripts for the photo gallery, blog etc.
Note 2: One option would be a referral check in htaccess, however there are cases where no referer is sent and the photo should still be shown (because the user authenticated correctly).