[Session & Flash] Flash-Uploader destroys session

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
Paw
Forum Newbie
Posts: 20
Joined: Tue Jul 17, 2007 10:27 am

[Session & Flash] Flash-Uploader destroys session

Post by Paw »

I've got a strange problem with PHP sessions and a Flash-based file uploader movie.
Since the Flash plugin doesn't pass the session id cookie to the target PHP script, I put the session id into the movie's upload target URL as a GET variable.

Within the upload-handling PHP script, I do the following:

Code: Select all

if(isset($_GET['id']) {
    session_id($_GET['id']);
    session_start();
    ...
}
But everytime I upload something, and the session is started within the target PHP script, the session data is not restored but completely destroyed.
I make use of that uploader movie in context of an administration area which requires a user to be logged in. After an upload attempt, the access to that area is restricted again, since the session data is lost.

Is it possible, that PHP session-functions are somehow sensitive towards certain HTTP request headers which the Flash movie generates?
Here is an excerpt from the $_SERVER-variable dump (I removed the file-system-related stuff):

Code: Select all

[HTTP_HOST] => localhost
    [HTTP_ACCEPT] => */*
    [HTTP_USER_AGENT] => Shockwave Flash
    [HTTP_CONNECTION] => Keep-Alive
    [HTTP_CACHE_CONTROL] => no-cache
    [CONTENT_LENGTH] => 45403
    [HTTP_EXPECT] => 100-continue
    [CONTENT_TYPE] => multipart/form-data; boundary=----------------------------88301032c88d
    [SERVER_SIGNATURE] => <address>Apache/2.2.3 (Linux/SUSE) Server at localhost Port 80</address>
    [SERVER_SOFTWARE] => Apache/2.2.3 (Linux/SUSE)
    [SERVER_NAME] => localhost
    [SERVER_ADDR] => 127.0.0.1
    [SERVER_PORT] => 80
    [REMOTE_ADDR] => 127.0.0.1
    [GATEWAY_INTERFACE] => CGI/1.1
    [SERVER_PROTOCOL] => HTTP/1.1
    [REQUEST_METHOD] => POST

Thanks for your help in advance!

EDIT: Some notes for those who consider creating a multiple file uploader using Flash

Just for the record, I dropped that project, it isn't worth the hassle, since the methods for the Flash-player's file upload are totally bug-riddled and way too unstable to be of any serious use, yet.

I tested on both Windows and Linux. The latest Flash-plugin for Linux makes the browser instantly crash when the upload-handling script "takes too long" to process the request.

I found many sources discussing the issues with Flash's FileReference.upload method; there are a couple of quirks, like wrong header data which even makes certain http-servers block the requests.
Another issue is, that *always* the first upload attempt does not create a POST request. I can monitor it in Apache's "incoming" log. So the very first selected file will not upload, but Flash dispatches an "onComplete"-event, making the user believe everything's fine.

However, the PHP session destruction problem is still beyond me. I know how sessions work, but I don't get why PHP's standard session functions decide to drop the session data, when it receives POST requests from the Flash uploader.

The only solution to that problem would be a custom session handler. However, the Flash-related problems about the stability, wrong header data and skipped first file upload, makes me totally drop this thing. If at all, I'd reconsider this project, making use of an Java applet.
kunaja
Forum Newbie
Posts: 1
Joined: Wed Jan 23, 2008 9:03 am

Re: [Session & Flash] Flash-Uploader destroys session

Post by kunaja »

If you save session information in a database-cookie way, you could send the cookie as an extra POST variable with the filereference call. Though I think this only works in the updated Flash9 version
Post Reply