Working with SWFUpload and PHP sessions issue

3
votes

I am using the jquery addon swfupload.

This addon, SWFUpload works with the php file upload.php (sends the uploaded file info to it and the php saves to dir).

Now my issue is that in every page on my site i have included page_protect();

This starts sessions checks and sets session variables such as userID.

Now in upload.php i wish to output example. "OK id 123, you made it!!"

the id 123 should be the $_SESSION['userID'] outputted there. I tried to output this, but its like theres nothing in $_SESSION['userID'].

I dont understand, it works on all my other pages.

But it seems like the SWFupload when it uses flash to read and execute upload.php the session is another/disappears and cant get the variables?

Are there a explanation for this? How can i fix this?

Update

I tried to make a html normal file form with action="upload.php" and made upload.php to submit the session_id(). When i did this i got the same id as my other sites and my variable userID worked just fine!

Then i tried to set debug to true on swfupload and made upload.php output the same, session_id, and this time it was another session_id and NOT like the other, that contain user_ID variable.

So somehow, when it use flash and executes upload.php it starts a completly new session and therefore theres no variables saved in it. Although this is only a theory what i found out so far.

Update

Ok so now I found out that the session_id are being sended in the SWFUpload configuration,

post_params: {"PHPSESSID" : "<?php echo session_id(); ?>"},

And i can see in the upload.php later in the code, after printing session_id() that it actually changes the session id with this:

// Code for Session Cookie workaround
    if (isset($_POST["PHPSESSID"])) {
        session_id($_POST["PHPSESSID"]);
    } else if (isset($_GET["PHPSESSID"])) {
        session_id($_GET["PHPSESSID"]);
    }

I took this and placed it before i printed out session_id() and now it prints the same session_id() as the one, the variable userID is stored in.

Now I try to output userID once again, but now I just receive Undefined index: userID error, like it has not been set.

I also tried to set another variable than userID, 'test' with value 123, set on the form upload page, and want to output on the upload.php page, and it could not output it.

How can i fix this? please

5
phpsessionswfupload
Stupid question: do you include page_protect() in upload.php? :) And how do you check if upload.php outputted the right data? Logging to file? - WASD42

5 Answers

3
votes

See http://www.swfupload.org/forum/generaldiscussion/383 for an explanation of the problem.

Essentially SWFUpload doesn't pass your session cookie onto your upload script. A workaround is to pass the session ID as a parameter, or some identifier that can recreate the session when the upload script is called.

1
votes

The problem is - flash uploader don't know anything about user's session. By default session data is stored as cookie in user's browser and as a file on your server side. To make Flash uploader take care about session do something like this:

{
  movie: 'uploader.swf', 
  id: 'someid',
  name: 'someid',
  flashvars: 'cookie=' + document.cookie,
}

On server side start session:

$cookies = explode(';', $_POST['cookie']);

// Get your session cookie like
// list($cookieName, $cookieValue) = str_split('=', $_GET['cookie']);

session_name($sessionName);
session_start();

As an alternative you always can add session ID to form's action as you already did.

0
votes

Default SWFUpload sends files one by one to upload.php - and then submit a form to destination page. It's the destination page that the user actually sees, so output anything there naturally won't show in the browser (as it's only seen by the flash application, and forwarded to javascript). Unless you explicitly tell javascript to show the return value from upload.php it won't be visible.

0
votes

Just like you pointed out the session_id is passed through in the swfupload config by:

// Upload configuration

var settings = {
        flash_url: "swfupload/swfupload.swf",
        upload_url: "swfupload/upload.php",
        post_params: {
            "PHPSESSID": "xxx",
            "uploadpath": "xxx"
        }

So all you have to do is this in your PHP:

if (isset($_POST['PHPSESSID'])){
   session_id($_POST['PHPSESSID']);
}

Is the session does not exist, session_id will return an empty string so you can go on from there.

http://nl3.php.net/session_id

0
votes

Just don't forget to have the parameters in php.ini that set :

  session cookies to on
  and session.use_only_cookies to off

and on a symfony1.x environnement session are handled this way:

  post_params: {
     <?php echo "'".ini_get('session.name')."':'".session_id()."',"; ?>
  }