Hi All,

Does anyone managed to run SWFUpload with rails 2.0.2 ?

Any help greatly appreciated !

Regards, Lukas

Create a session_patch.rb file in the initializers directory, with the following content. Use the cookie_only session setting to

allow the desired actions to receive the session id outside the cookie:

ex: session :cookie_only => false, :only => %w(file_upload)

– cut here –

class CGI::Session

alias original_initialize initialize

The following code is a work-around for the Flash 8 bug that prevents our multiple file uploader

from sending the _session_id. Here, we hack the Session#initialize method and force the session_id

to load from the query string via the request uri. (Tested on Lighttpd, Mongrel, Apache)

def initialize(cgiwrapper, option = {})

#RAILS_DEFAULT_LOGGER.debug “#{FILE}:#{LINE} Session options #{option.inspect} *********************”

unless option[‘cookie_only’]

#RAILS_DEFAULT_LOGGER.debug “#{FILE}:#{LINE} Initializing session object #{ cgiwrapper.env_table[‘RAW_POST_DATA’]} *********************”

session_key = option[‘session_key’] || ‘_session_id’

query_string = if (rpd = cgiwrapper.env_table [‘RAW_POST_DATA’]) and rpd != ‘’


elsif (qs = cgiwrapper.env_table[‘QUERY_STRING’]) and qs != ‘’


elsif (ru = cgiwrapper.env_table [‘REQUEST_URI’][0…-1]).include?(‘?’)

ru[(ru.index(‘?’) + 1)…-1]


if query_string and query_string.include?(session_key)

option[‘session_id’] = query_string.scan(/#{session_key}=(.?)(&.?)*$/).flatten.first






This probably only works if you’re using a database session table and not the new cookie based session i presume?

Best regards

Peter De Berdt

Thank you for the hint.

I will try that and post later if that worked out for me.

Regards, Lukasz

I expect it to work on all session stores (including memcache), excepting the new cookie store. If you can’t send the session Id in a cookie, you won’t be able to send the session cookie.

Hello Eider,

Unfortunately this fix does not work for me. I am using restful_authentication and I receive this error in logfile:


I tried to URL.encode the session id but it does not work. I have been playing with this issue for so much time that I am totally lost.

Maybe there is any other hint from your side more...

Regards, Lukasz

I'm using it, but it's not tied to rails. What's your problem? Picking it up in the controller?

works for me.

What OS?

eggie5 wrote:

works for me.

What OS?

I use Ubuntu. But here next to my computer stands windows machine.

Simply: Windows FF - does not work Windows IE7 - works Linux Firefox - does not work

I have almost given up.

Any ideas ? Maybe it's a problem with that fix provided at the beginning of the topic ?


eggie5 wrote:

works for me.

What OS?

ok so could you post all of your rails app settings and code snips please... i am really getting out of ideas... :slight_smile:

thanks lukasz

What isn't working with it?

eggie5 wrote:

What isn't working with it?

Indeed it is working but just in Internet Explorer 7. I found an information that flash player for Firefox is problematic. Do you have any fix for that ?

Regards, Luaksz

i implemented something with swfupload and simply announce the files with an ajax call before uploading them, storing some record in the db, handing back some id/code which then is posted together with the file upload. that way i get normal session handling and nobody can upload anything without that 'handshake'. i think that's secure enough.