Forum: Ruby on Rails Session IDs and SWFUpload

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
00973881979aa0a660ffbbb2f7a907fb?d=identicon&s=25 Peter De Berdt (Guest)
on 2007-01-18 16:45
(Received via mailing list)
Hi

I'm using SWFUpload in one of my applications, but it has one big
shortcoming: it doesn't maintain the session. Let me explain:

The user has to login to the application, thus creating an
authenticated session (cookie _session_id client side and the
sessions table server side). However, when you use SWFUpload, the
upload script is called with a new session (unauthenticated), making
the app assume the new session has no access and redirects it to the
login page.

Currently, I've just exposed the upload methods, so that they don't
require authentication. However, this is like locking your front
door, but leaving the back door wide open.

Apparently, the only way for a Flash file to pass on parameters, is
using GET. I can append the _session_id cookie value to the upload
URL, but I can't seem to get Rails to use this _session_id value
(params[:_session_id] instead of the one passed in the HTTP headers.

Is it somehow possible to override the HTTP header cookie _session_id
in favor of one that is passed as a GET parameter, but only for the
upload_file method, so that the authenticated state is still recognized?


Best regards

Peter De Berdt
70ca58d0e0e0eabbdb74d177417d09d7?d=identicon&s=25 augustlilleaas@gmail.com (Guest)
on 2007-01-18 16:53
(Received via mailing list)
Never heard of SWF upload. Why not use acts_as_attachment instead?
Widely used, nicely tested and written by a rails core dev.

http://svn.techno-weenie.net/projects/plugins/acts...
7223c62b7310e164eb79c740188abbda?d=identicon&s=25 Xavier Noria (Guest)
on 2007-01-21 01:03
(Received via mailing list)
On Jan 18, 2007, at 4:51 PM, augustlilleaas@gmail.com wrote:

>
> Never heard of SWF upload. Why not use acts_as_attachment instead?
> Widely used, nicely tested and written by a rails core dev.
>
> http://svn.techno-weenie.net/projects/plugins/acts...

They are not comparable. SWFupload is a flash file-upload widget with
lots of features, see

   http://labb.dev.mammon.se/swfupload/

-- fxn
C004d67820a114e24ccf6f2ddaf5b236?d=identicon&s=25 Richard Livsey (Guest)
on 2007-01-21 03:05
(Received via mailing list)
> >
> -- fxn
I came across the same problem recently and this solved it nicely:

http://blog.inquirylabs.com/2006/12/09/getting-the...
d/

hth

--
Richard Livsey
Head of Agile Development, CitySafe

http://citysafe.org ....... CitySafe
http://thatsprogress.com .. The Fitness Community (soon)
http://livsey.org ......... Blog : Musings of a Rails Developer
00973881979aa0a660ffbbb2f7a907fb?d=identicon&s=25 Peter De Berdt (Guest)
on 2007-01-21 15:30
(Received via mailing list)
On 21 Jan 2007, at 03:05, Richard Livsey wrote:

> I came across the same problem recently and this solved it nicely:
>
> http://blog.inquirylabs.com/2006/12/09/getting-the...
> swfuploa
> d/

This is just great, a big thanks to you Richand and to Duane!


Best regards

Peter De Berdt
This topic is locked and can not be replied to.