Affected modules: digibug, shutterfly
(photoaccess and fotokasten are not affected)
If there's no thumbnail image or if the thumbnail image has a watermark, we tell digibug/shutterfly to use the fullsize image as the thumbnail.
If the user doesn't have permission to view the fullsize, the user won't see a thumbnail @ digibug.com / shutterfly.com during the checkout.
Discussion:
We use 2 sessionIds in digibug/shutterfly checkout for non-public images.
One for digibug to download the fullsize images.
The user's own sessionId appended to the thumbnail URLs since only the user views the thumbnails.
Requirement:
- The solution must avoid allowing the user access to the fullsize / hires image. If at all, then only grant access temporarily to a lowres (smaller than the original thumbnail) image.
- I like the fotokasten.de solution:
Fotokasten generates their own thumbnails based on the hires image they can d/l from G2). The thumbnail URL thus points at their own server and not at G2.
But it'd require a change of digibug's (and shutterfly's) handling, the change isn't limited to G2 code.
Logged In: YES
user_id=942712
Originator: YES
I'd like to hear digibug's / shutterfly's explanations for their design decision to have the thumbnail / preview image point to the the seller's / photograph's website.
Fotokasten and photoworks both generate the preview image on their own server:
- they ensure that the preview image isn't too large (shutterfly and digibug let the browser shrink the image, but they don't ensure that the downloadable image is just a preview version)
- all URLs point to their own server, no dependency on uptime of the remote server.
Of course we could make it work in G2 to serve non-watermarked thumbs, but it would require quite some changes. And I'd prefer to see an improved architecture on digibug's / shutterfly's part than adding workarounds in G2 for their shortcomings.