Thursday, May 15, 2008

SWFUpload & Sessions

Have you tried SWFUpload?
It's cool flash uploader which is ideal for uploading big files (over 5-10MB) and having visual status about how much it's left.

Everything seems fine from the demos, etc. but! Yeah there is one clause that I figured out by myself while trying to use the tool in Drupal.
If you want to use the SWFUpload in restricted areas with scripts that require sessions (e.g. cookie sessions) you will fall into the hole.
For solving the issue add session read from $_GET also cause under Safari/Firefox/MAC OS X; Firefox/Linux the SWFUploader won't pass any cookies the the "upload.php" script.

Example solution for drupal:

if (isset($_GET['fmauthsessid']) {
if ($_GET['fmauthsessid']) {
$_COOKIE[session_name()] = $_GET['fmauthsessid'];
$key = $_GET['fmauthsessid'];
}
}
else {
if (!isset($_COOKIE[session_name()])) {
$user = drupal_anonymous_user();
return '';
}
}

Put this in the beginning of sess_read() in includes/session.inc

More experience lessons will be comming these days.