Closed (duplicate)
Project:
SWFUpload
Version:
6.x-1.x-dev
Component:
Code
Priority:
Normal
Category:
Bug report
Assigned:
Unassigned
Reporter:
Created:
29 Sep 2009 at 14:22 UTC
Updated:
17 Jun 2010 at 13:28 UTC
Unfortunatelly the some flashplayers have a bug which causes it not to send the cookies with requests it does. Because of this, Drupal will start a new session, with an anonymous user when uploading files. The attached patch works around this by including the cookies in the POST request. It does require the installation of swfupload.cookie.js from the upstream SWFUpload package in the swfupload/ directory.
| Comment | File | Size | Author |
|---|---|---|---|
| retain-session.patch | 960 bytes | gnoddep |
Comments
Comment #1
shaneonabike commentedI'm having the same issue on a site that is being built. The user always comes back (in watchdog when I track it) as not being from the session that I originally logged in as. Therefore files aren't properly uploaded.
I tried your code but it still doesn't seem to be working properly. Was there other changes that you made after you posted this original patch?
Would be great to resolve this issue.
Here's a dump from the debug..
Cheers
Shane
Comment #2
gnoddep commentedHave you added swfupload.cookies.js from the upstream SWFUpload-distribution to the swfupload/ directory?
Comment #3
shaneonabike commentedHey,
I added it to 'swfupload/SWFUploadCore/plugins/' as that was what I understood was the correct location. Should it actually be put in 'swfupload/SWFUploadCore' with swfupload.js?
Thanks for your help!
Shane
Comment #4
gnoddep commentedIn the module root you should have a directory named swfupload, in that directory should be the files swfupload.swf, swfupload.js and swfupload.cookies.js
Comment #5
shaneonabike commentedYep that's where the file is located but it doesn't actually seem to make a difference.
Comment #6
Manonline commentedHi, sorry for my english
I'm having this problem in 6.x-2.0-beta2. I did a select to the sessions table after login, with one result. When I try to upload a file with SWFUpload, says "Server Error", I do the same select to the sessions table, with two results.
The problem is in swfupload_access(). I added some code lines in any "if". The sid validation fails.
Comment #7
skilip commentedCan anyone confirm the patch for retaining the user's session by the provided patch is actually needed? Most upload errors are caused by server configurations like, max_post_size or mod security. There's a lot to read about this in the SWFUpload docs: http://www.google.nl/search?hl=nl&q=403+site%3Aswfupload.org%2F&meta=&aq...
Comment #8
skilip commentedAnd does this issue also apply on 6.x-2?
Comment #9
eugenmayer commentedpretty sure this is realted to http://github.com/EugenMayer/drupalwiki_multiupload/blob/master/drupalwi... .
This must be added, otherwise session restore is not complete the way it has been done right now.
Comment #10
shaneonabike commentedI think that this is totally on the right track. When we looking into this issue in the past it was discovered that files being uploaded were done as 'Anonymous' which is because the session wasn't being used. This is pretty unsafe generally especially if you don't allow anonymous users to upload files.
Saving the session would really fix this issue especially when doing posts.
Cheers
Shane
Comment #11
skilip commentedThe patch currently provided isn't the way to go IMO. I'd rather restore the session in swfupload_access(). Hook_init() should be avoided as much as possible.
@EugenMayer: Which function should be used to restore the session again? session_id()?
Comment #12
eugenmayer commentedHi Philip
Comment #13
eugenmayer commenteddublicate of #796916: SID not always correctly restored