Have you tried replacing the PHPSESSID
with sec_session_id
?
$(function() {
$('#file_upload1').uploadify({
'formData' : {
'<?=session_name()?>': '<?=session_id()?>',
'timestamp' : '<?php echo $timestamp;?>',
'token' : '<?php echo md5('unique_salt' . $timestamp);?>'
},
'swf' : 'uploadify.swf',
'uploader' : 'uploadify1.php?id=<? echo $id; ?>&state=<? echo strtolower($state); ?>'
});
});
On top of your PHP: session_id($_POST['sec_session_id']);
Also, session_name($session_name)
should be executed before session_set_cookie_params
.
function sec_session_start() {
$session_name = 'sec_session_id'; // Set a custom session name
session_name($session_name); // Sets the session name to the one set above.
$secure = false; // Set to true if using https.
$httponly = true; // This stops javascript being able to access the session id.
ini_set('session.use_only_cookies', 1); // Forces sessions to only use cookies.
session_set_cookie_params(86400);
$cookieParams = session_get_cookie_params(); // Gets current cookies params.
session_set_cookie_params($cookieParams["lifetime"], $cookieParams["path"], $cookieParams["domain"], $secure, $httponly);
session_start(); // Start the php session
session_regenerate_id(true); // regenerated the session, delete the old one.
}