Session IDs and SWFUpload

Peter_De_Berdt · January 18, 2007, 3:44pm

Hi

I’m using SWFUpload in one of my applications, but it has one big shortcoming: it doesn’t maintain the session. Let me explain:

The user has to login to the application, thus creating an authenticated session (cookie _session_id client side and the sessions table server side). However, when you use SWFUpload, the upload script is called with a new session (unauthenticated), making the app assume the new session has no access and redirects it to the login page.

Currently, I’ve just exposed the upload methods, so that they don’t require authentication. However, this is like locking your front door, but leaving the back door wide open.

Apparently, the only way for a Flash file to pass on parameters, is using GET. I can append the _session_id cookie value to the upload URL, but I can’t seem to get Rails to use this _session_id value (params[:_session_id] instead of the one passed in the HTTP headers.

Is it somehow possible to override the HTTP header cookie _session_id in favor of one that is passed as a GET parameter, but only for the upload_file method, so that the authenticated state is still recognized?

Best regards

Peter De Berdt

August_Lilleaas · January 18, 2007, 3:51pm

Never heard of SWF upload. Why not use acts_as_attachment instead? Widely used, nicely tested and written by a rails core dev.

http://svn.techno-weenie.net/projects/plugins/acts_as_attachment/

fxn · January 21, 2007, 12:02am

They are not comparable. SWFupload is a flash file-upload widget with lots of features, see

http://labb.dev.mammon.se/swfupload/

-- fxn

Richard_Livsey · January 21, 2007, 2:04am

From: rubyonrails-talk@googlegroups.com [mailto:rubyonrails- talk@googlegroups.com] On Behalf Of Xavier Noria Sent: 21 January 2007 00:03 To: rubyonrails-talk@googlegroups.com Subject: [Rails] Re: Session IDs and SWFUpload

> > Never heard of SWF upload. Why not use acts_as_attachment instead? > Widely used, nicely tested and written by a rails core dev. > > http://svn.techno-weenie.net/projects/plugins/acts_as_attachment/

They are not comparable. SWFupload is a flash file-upload widget with lots of features, see

http://labb.dev.mammon.se/swfupload/

-- fxn

Richard_Livsey · January 21, 2007, 2:05am

I came across the same problem recently and this solved it nicely:

d/

hth

Peter_De_Berdt · January 21, 2007, 2:29pm

This is just great, a big thanks to you Richand and to Duane!

Best regards

Peter De Berdt

Topic		Replies	Views
swfupload, and uploading via an authenticated session. rubyonrails-talk	7	160	October 6, 2008
any news about swfupload & sessions? rubyonrails-talk	2	140	June 19, 2008
SWFupload rubyonrails-talk	12	239	January 29, 2008
Need to maintiain session with requests from Flash movie rubyonrails-talk	2	137	March 12, 2007
Swfobject rails 2.3.2 - get session vars rubyonrails-talk	1	128	July 23, 2009

Session IDs and SWFUpload

Related topics

More Resources