I was thinking about this as a way to do it without using cookies, and keeping things copacetic with TGP's:
1. Create a mysql database with IP & a TIMESTAMP
2. Use mod_rewrite to rewrite all your gallery pages (with .html extentions to please the TGP's) - or anything under your gallery directory to a script in language of your choice (mod_perl, PHP, C.. something fast).... lets call it storeip.cgi
So someone hits galleryXYX123.html and gets redirected to storeip.cgi?galleryXYZ123.html, which stores the persons IP & timestamp and then pulls up the galleryXYZ123.tmpl template.
3. On the gallery page you have links to you actual movie samples. Again, to keep it TGP friendly you don't want to use CGI's.. so you could keep all your movie samples in a folder called MSAMPS & then rewrite all requests to that directory to getmovie.cgi?filename.ext
So a request for movie1.mpg would get rewritten to getmovie.cgi?movie1.mpg which would CHECK THE MYSQL DATABASE for the ip of the person requesting the movie
> if they are in the database, then give them the movie.
> if they are not, then give them the error page.
Again this script should be written with a resource friendly language... mod_perl, mod_php maybe, or better in C.
4. Write a 'flush' script that would flush out the mysql database for anyone entries older than XX mins.
Of course theres always
www.antihotlinking.com but I refuse to run any
closed source 3rd party apps/scripts on my money-making traffic-producing production boxes.
But for $199 or whatever they charge now, it might be the solution for you if your willing to accept the potential risks of running pre-compiled software.
It's a lot easier to implement than my idea, and would be perfect if they gave you the source code to audit.
(As far as I know they wont, but you should dEMAnd it.)