Heyo! Take a look at the raw HTTP traffic. At a command prompt type "telnet yourhost 80" then type in "GET /chart.taf?id=123 HTTP/1.0[Enter][Enter]" (you probably won't see your own typing.) You will get back the unadulterated headers and document, and it will probably be obvious what's going wrong.
BTW, there is also a sys$encodeResults setting that I think needs to be false so you can return chars > 127. -----Original Message----- From: David Shelley [mailto:[EMAIL PROTECTED] Sent: Friday, September 07, 2007 1:42 PM To: Witango-Talk Subject: Witango-Talk: Secure Images Hi, I'm building an application where sensitive information is being stored in jpeg images. The user can see his own jpegs, but I don't want him to be able to guess other users jpeg filenames and see their images. So we're storing the jpegs outside the webroot and using a taf file too retrieve them based on user scope variables and access rights. I think I'm having trouble with the http headers. I'm getting back a broken image in the tag <img src="chart.taf?id=123"> The chart.taf file does a search action to get the file path, reads the file, sets the header and returns the result. The code looks like this: <@exclude> <@assign request$httpHeader value="HTTP/1.1 <@HTTPSTATUSCODE> <@HTTPREASONPHRASE><@CRLF>Content-Type: image/jpg<@crlf>Content-Length: <@length <@var request$jpgFile>><@crlf>Content-Disposition: attachment; filename=<@dq>chart.jpg<@dq><@crlf><@setcookies><@userreferencecookie><@crlf ><@crlf>"> <@purgeresults> </@exclude><@var request$jpgFile encoding=none> I've tried a number of permutations of the code above, including the cookies, content-disposition, length, and type values. Can anyone see what's wrong with this code? Thanks. Dave Shelley ________________________________________________________________________ TO UNSUBSCRIBE: Go to http://www.witango.com/developer/maillist.taf ________________________________________________________________________ TO UNSUBSCRIBE: Go to http://www.witango.com/developer/maillist.taf