Can appache read some kind of header even when an image is requested? a header that is client determined and then can be saved to a session value that apache can observe?
I think facebook would have implemented something like this so people couldn't share images, but that doesn't seem to be the case, they havne't. (last time i checked 2012 to be honest)
The idea is that when a user logs in, they set a session for the text/html content of the experience and they set a session for the images stored in a subdomain. that way there is a privilege system about who can see what.
I don't think it's possibel though unless you have server side code manually throw back that image after an "post-apache" process.