November 24, 2010 at 14:40
In regular non-PDF scenario, the image requests are initiated by a web browser after the main HTML page is loaded. So I do not think it uses any proprietary HTTP headers to identify a user/session. I would expect a very standard session ID propagation – via cookie (in HTTP header) or via URL string.
Try to dump HTTP headers (there are browser plugins or other tools for that) and determine the way it identifies a session.