When you use some Flash stuff that sends AJAX request then you loose
your session id because Flash is not the same HTTP_USER_AGENT as your
good browser.
I discovered that trying to use SwfUpload (upload your files using
AJAX with progressbar).
I cannot send params directly due to security reasons. Also I don't
like to change files from "cake" folder.
Here is code that solves the problem. Insert in app/config/core.php
after define('CAKE_SESSION_TIMEOUT', '3600');
=== code begin ===
if (isset($_POST[CAKE_SESSION_COOKIE])) {
session_name(CAKE_SESSION_COOKIE);
session_id($_POST[CAKE_SESSION_COOKIE]);
}
session_start();
$_SESSION['Config']['userAgent'] = md5(env('HTTP_USER_AGENT') .
CAKE_SESSION_STRING);
=== code end ===
I'm using http://swfupload.praxion.co.za/ version of SwfUpload. For
the old SwfUpload you may need to change POST to GET.
There could be security problem with Hijacking so it's better to check
URL and apply this code only for the pages that need it.
Dear gurus, please advise if there could be any other problems with
security or Cake philosophy.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Cake
PHP" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/cake-php?hl=en
-~----------~----~----~----~------~----~------~--~---
