I have a pretty nice php web site, that's also reasonably secure.
However, I wrote some php code to create some dynamic images based on
database data, but I can't figure out how to secure this script?


when I reference the php code via img src="myimage.php", none of my
session variables are available for use in the script. So, without my
session variables, how am I suppose to ensure that the script is only
run by a valid user, rather than just anyone who can blindly type in
random parameters to my image creation script?


I'm really stumped on this one.