Session data disappears in FLASH – SWFUpload


Gnome-mime-application-x-shockwave-flash
Image via Wikipedia

Recently we had to get rid of this strange problem in one of our project due to some security concern. It was a nightmare that we had used a funny method to overcome this problem (by-passing real login session & allowing SWFUpload to upload any image), strange!. But, now we have a solution to this problem thanks to my mind & the time.

The problem is….

When you submit a form (here it’s uploading an image) everything seems to be fine (session data) till the control reaches session_start(), right-after that call $_SESSION array becomes empty and it assigns a new session_id, gotcha!. The problem is with the new session being created each time when SWFUpload try to upload an image, but WHY?

As you know SWFUpload uses flash to do it’s magic in uploading an image asynchronously and flash has an user-agent of “Shockwave Flash”, hence apache thinks it’s a new request from a new browser and it assigns a new session, means it doesn’t really destroys the old session but creates a new session.

The solution is….

to keep the original session_id somewhere either in cookie or in a table, then pass the stored session_id to session_id() before calling session_start().

So simple ah!

Happy coding.

Session data disappears in FLASH – SWFUpload

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s