swfupload 302 error

https://stackoverflow.com/questions/10488110

06-06-2021
|

Question

so I have this javascript code for loading swfuploader onto a page ( http://code.google.com/p/swfupload/)

swfuPubThumbnailUploader = new SWFUpload({
  upload_url : "/upload_thumbnail",
  flash_url : "/Flash/swfupload.swf",
  file_size_limit : 512 + " MB",
  file_post_name: 'files[swf]',
  file_types : '*.jpg;*.jpeg;*.gif;*.png',
  file_types_description: "Image Files",
  file_queue_limit : 1,
  button_placeholder_id: 'swf-trans-file-selector',
  button_text: '',
  button_image_url: '',
  button_width: "85",
  button_height: "25",
  button_cursor : SWFUpload.CURSOR.HAND,
  button_window_mode : SWFUpload.WINDOW_MODE.TRANSPARENT,

  post_params : {
                "sid" : sid
  },

  preserve_relative_urls : true,
  file_queued_handler : fileQueued,
  file_queue_error_handler : fileQueueError,
  file_dialog_complete_handler : fileDialogComplete,
  file_dialog_start_handler : sLibraryFileDialogStart,
  upload_start_handler : sLibraryPubUploadStart,
  upload_progress_handler : sLibraryPubUploadProgress,
  upload_error_handler : sLibraryPubUploadError,
  upload_success_handler : sLibraryPubUploadSuccess,
  upload_complete_handler : sLibraryPubUploadComplete,
  queue_complete_handler : queueComplete, // Queue plugin event

  custom_settings: {
    progressTarget : ("fsPPUploadProgress")
  }
});

but then whenever I upload (upload images, to be more specific...) using swfuploader, swfuploader will complain about 302 error which suggest that the url is redirecting...but then when I visited the upload url '/upload_thumbnail' no redirection takes place and the upload url loaded fine...so I checked out fiddler to check the two cases and here are the requests for each of the case

For when I visited /upload_thumbnail via browser:

GET /upload_thumbnail HTTP/1.1
Host: my.domain.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20100101 Firefox/12.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: __utma=171146939.260757561.1311084520.1336078159.1336400574.117; __utmz=171146939.1311084520.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=104299925.1228643063.1313075490.1335542105.1335567483.41; __utmz=104299925.1333981938.38.25.utmcsr=my.domain.com:8090|utmccn=(referral)|utmcmd=referral|utmcct=/browse/MD-2760; __qca=P0-29539114-1325619242917; SESS5ccc5f20cb72179af2f569e77eaa49da=6vde0rln7q3384k5lcvedsgfh3; SimpleSAMLAuthToken=_c2f653a6e9b18b10439d73849fb1142a7d43851998; __utmc=171146939; has_js=1
If-Modified-Since: Mon, 07 May 2012 19:13:38 +0000
If-None-Match: "1336418018"

Which loads fine with status 200

Then the one from swfuploader

POST /upload_thumbnail HTTP/1.1
Accept: text/*
Content-Type: multipart/form-data; boundary=----------gL6Ef1Ef1KM7Ij5gL6ae0gL6GI3GI3
User-Agent: Shockwave Flash
Host: my.domain.com
Content-Length: 847357
Connection: Keep-Alive
Pragma: no-cache
Cookie: __utma=171146939.1934231828.1323362429.1328283903.1333582993.5; __utmz=171146939.1323362429.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=104299925.1653270920.1323362234.1334760245.1335992862.7; __utmz=104299925.1323362234.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); SESS5ccc5f20cb72179af2f569e77eaa49da=0qjn1gva2rhlcqiqp2g7liumd0; __qca=P0-1855943596-1327334275533

which ended up with status 302 and redirection to a login page....

So I found out that the culprit is the Cookie: request....if I switch the browser's COOKIE request to the swfuploader's Cookie request the swfuploader request would load with status 200 properly...

My first question is.....WHY? What's wrong with the swfuploader's Cookie request?

And secondly, how can this be translated to my javascript SWFUpload code at the topmost such that the actual swfuploader in the browser will have its Cookie request fixed appropriately....

Solution

The default PHP session handler mechanism uses both your Cookie and your User-Agent to match a session to a user. As Flash identifies itself to the server with the user-agent of "ShockWave Flash", which is different than your browser's UA, php assigns a new session to the request.

You can check this if you output _POST data and then compare those values with the ones you get after session_start() or if you change your browser UA to exactly match that sent by Flash.

The solution?

Pass the session ID to the server whatever way you want, the default being _POST, and initialize the session with the correct id.

SWFUpload provides you with post_params that "defines the name/value pairs that will be posted with each uploaded file".

// SWFUpload example - taken from you own config file
post_params : {
    "sid" : sid => THIS WOULD BE YOUR SESSION ID!; you can put <?=session_id()?>
},

And then on the server side...

// Prior to starting the session as you normally do you'll want to check if 
// you're trying to pass a session id by post, if so, initialize session with it
<?php
if(isset($_POST['sid']))
{
    session_id($_POST["sid"]);
}
session_start();

Licensed under: CC-BY-SA with attribution

Not affiliated with StackOverflow