How to deny direct access to files in AJAX directory

春和景丽 2021-01-16 05:46

I have several pages that call in content via jQuery .ajax. I don't want the content visible on the page, so that's why I went with .ajax and not showing/hiding the content. I

3 Answers
  •  醉酒成梦
    2021-01-16 06:23

    Why not have the content be outside the webserver directory, and then have a PHP script that can validate if the person should see it, and then send it to them?

    So, you have getcontent.php, and you can look at a cookie, or a token that was given to the JavaScript page and that it uses to do the request, and then it will just fetch the real content, set the MIME types and stream it to the user.

    This way you can change your logic as to who should have access, without changing any of the rest of your application.

    There is no real difference between http://someorg.net/myimage.gif and http://someorg.net/myscript.php?token=887799&img_id=ddtw88 to the browser, but obviously it will need to work with GET, so a time-limited value is necessary, as the user can see and reuse it.
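
One way to implement the getcontent.php gatekeeper described in the answer above, as an added example (not the answerer's code). It assumes a token of the form `<expiry>.<HMAC>` bound to the PHP session, a key in the hypothetical environment variable `CONTENT_TOKEN_KEY`, and content stored under the assumed path `/srv/private_content`; `issue_token()` is a hypothetical helper for the page that hands the token to the JavaScript.

```php
<?php
// getcontent.php (added example). Assumptions: token is "<expiry>.<hex HMAC>",
// key comes from env var CONTENT_TOKEN_KEY, files live in CONTENT_DIR.
declare(strict_types=1);
const CONTENT_DIR = '/srv/private_content'; // assumed path, outside the web root
const TOKEN_TTL   = 300;                    // assumed token lifetime in seconds

function token_key(): string {
    $key = getenv('CONTENT_TOKEN_KEY');
    if (!is_string($key) || strlen($key) < 32) {
        throw new RuntimeException('token key missing or too short');
    }
    return $key;
}

// Belongs in the already-authenticated page that embeds the AJAX call;
// shown here so the token format is visible in one place.
function issue_token(string $id, string $sessionId): string {
    $expiry = time() + TOKEN_TTL;
    return $expiry . '.' . hash_hmac('sha256', "$expiry|$id|$sessionId", token_key());
}

function token_is_valid(string $token, string $id, string $sessionId): bool {
    $parts = explode('.', $token, 2);
    if (count($parts) !== 2 || !ctype_digit($parts[0])) {
        return false;                                  // malformed
    }
    [$expiry, $mac] = $parts;
    if ((int)$expiry < time()) {
        return false;                                  // expired: limits reuse of a copied URL
    }
    $expected = hash_hmac('sha256', "$expiry|$id|$sessionId", token_key());
    return hash_equals($expected, $mac);               // constant-time comparison
}

session_start();
$id    = is_string($_GET['img_id'] ?? null) ? $_GET['img_id'] : '';
$token = is_string($_GET['token'] ?? null) ? $_GET['token'] : '';

// Allow-list the id so it cannot contain "/" or ".." (path traversal).
if (!preg_match('/^[A-Za-z0-9_-]{1,64}$/', $id) || !token_is_valid($token, $id, session_id())) {
    http_response_code(403);
    exit;
}
$path = CONTENT_DIR . '/' . $id;
if (!is_file($path)) { http_response_code(404); exit; }

header('Content-Type: ' . (mime_content_type($path) ?: 'application/octet-stream'));
header('X-Content-Type-Options: nosniff');
header('Cache-Control: private, no-store');            // keep shared caches from storing it
readfile($path);
```

Because the HMAC covers the expiry, the content id and the session id, a URL copied from the browser stops working once the token expires and is rejected for a different session or a different `img_id`.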
