Jeremiah Grossman and I got to talking today and he reminded me of an old conversation we had had months ago around a way to detect the state of a user who is authenticated on a site. At the time it felt very academic and I didn’t really feel like following through with it, but certain events have made me realize this is slightly more prevalent than either of us had originally thought. You can use files on sites to detect the state of a user.
The sample code is simple enough:
<IMG SRC="http://somesite.com/members/protected.jpg" onerror="alert('not authenticated')">
Let’s assume you have an image that’s inside the members directory as seen above. If the user is authenticated they can see the photo; if not, they can’t, and they are redirected to a page where they must authenticate. If that’s the case you can automatically detect whether the user is logged in. The same holds true if the image changes to say something like “Hello, Bob!” once the user logs in. You can detect the size of the image and use that to verify that the user is logged in.
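To check your own site for this signal, the following is an added example (not code from the original post) that compares the body returned for one image URL with and without a session and reports whether a page embedding it could tell the two apart by load/error or by size. The function names and sample bytes are constructed for illustration; it assumes each body is the final response after redirects and uses a header-only approximation of whether a browser would load the image.

```javascript
// Added example (not from the original post): audit check for the login-state
// signal described above. Bodies are ones you captured from your own site.
const PNG_MAGIC = Buffer.from([0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a]);

// Dimensions from the first JPEG start-of-frame segment, or null if none is found.
function jpegSize(buf) {
  let i = 2; // skip the SOI marker (FF D8)
  while (i + 9 <= buf.length && buf[i] === 0xff) {
    const marker = buf[i + 1];
    const isSOF = marker >= 0xc0 && marker <= 0xcf && ![0xc4, 0xc8, 0xcc].includes(marker);
    if (isSOF) return { w: buf.readUInt16BE(i + 7), h: buf.readUInt16BE(i + 5) };
    i += 2 + buf.readUInt16BE(i + 2); // marker bytes + segment length
  }
  return null;
}

// Header-only approximation of "would an <img> load this body?": {w, h} or null.
function imageSize(buf) {
  if (buf.length >= 24 && buf.subarray(0, 8).equals(PNG_MAGIC)) {
    return { w: buf.readUInt32BE(16), h: buf.readUInt32BE(20) }; // IHDR width, height
  }
  if (buf.length >= 10 && /^GIF8[79]a$/.test(buf.toString('latin1', 0, 6))) {
    return { w: buf.readUInt16LE(6), h: buf.readUInt16LE(8) };
  }
  if (buf.length >= 4 && buf[0] === 0xff && buf[1] === 0xd8) return jpegSize(buf);
  return null;
}

// Compare what an embedding page could observe for the same URL in both states.
function loginStateSignal(anonBody, authedBody) {
  const anon = imageSize(anonBody), authed = imageSize(authedBody);
  if (!anon && !authed) return 'none';           // onerror fires in both states
  if (!anon || !authed) return 'load-vs-error';  // onload in one state, onerror in the other
  if (anon.w !== authed.w || anon.h !== authed.h) return 'dimensions';
  return 'none';                                 // same event, same size
}

// Constructed sample bodies (not captured from any real site).
const jpeg = (w, h) => Buffer.from([0xff, 0xd8, 0xff, 0xc0, 0x00, 0x11, 0x08,
  h >> 8, h & 255, w >> 8, w & 255, 0x03, 0, 0, 0, 0, 0, 0, 0, 0, 0]);
const loginPage = Buffer.from('<html><form action="/login">...</form></html>');

console.log(loginStateSignal(loginPage, jpeg(640, 480)));
console.log(loginStateSignal(jpeg(120, 40), jpeg(200, 40)));
console.log(loginStateSignal(jpeg(120, 40), jpeg(120, 40)));
```

A result of 'none' means the resource answers the same way in both states as far as this check can see; any other result means it behaves like the protected.jpg case above.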
You can take it further by looking for scripts that are hidden behind protected directories. Admittedly I’ve never seen anything like that, except in basic auth situations, but I’m sure there are examples out there. But here’s where the story ends. Neither Jeremiah nor I could think of anything off the tops of our heads that would allow this technique to be more prevalent. Ideas?