Unfortunatelly the some flashplayers have a bug which causes it not to send the cookies with requests it does. Because of this, Drupal will start a new session, with an anonymous user when uploading files. The attached patch works around this by including the cookies in the POST request. It does require the installation of swfupload.cookie.js from the upstream SWFUpload package in the swfupload/ directory.

CommentFileSizeAuthor
retain-session.patch960 bytesgnoddep

Comments

shaneonabike’s picture

I'm having the same issue on a site that is being built. The user always comes back (in watchdog when I track it) as not being from the session that I originally logged in as. Therefore files aren't properly uploaded.

I tried your code but it still doesn't seem to be working properly. Was there other changes that you made after you posted this original patch?

Would be great to resolve this issue.

Here's a dump from the debug..

---SWFUpload Instance Info---
Version: 2.2.0 2009-03-25
Movie Name: SWFUpload_0
Settings:
	upload_url:               /swfupload
	flash_url:                /sites/qa.library.ole.org/modules/contrib/swfupload/swfupload/swfupload.swf?preventswfcaching=1256241631099
	use_query_string:         false
	requeue_on_error:         false
	http_success:             
	assume_success_timeout:   0
	file_post_name:           upload
	post_params:              [object Object]
	file_types:               *.jpg;*.jpeg;*.gif;*.png;*.txt;*.doc;*.xls;*.pdf;*.ppt;*.pps;*.odt;*.ods;*.odp;*.mp3
	file_types_description:   
	file_size_limit:          10485760000
	file_upload_limit:        50
	file_queue_limit:         50
	debug:                    true
	prevent_swf_caching:      true
	button_placeholder_id:    upload-swfwrapper
	button_placeholder:       Not Set
	button_image_url:         /node/add/
	button_width:             154
	button_height:            15
	button_text:              
	button_text_style:        color: #000000; font-size: 16pt;
	button_text_top_padding:  0
	button_text_left_padding: 0
	button_action:            -110
	button_disabled:          false
	custom_settings:          [object Object]
Event Handlers:
	swfupload_loaded_handler assigned:  true
	file_dialog_start_handler assigned: false
	file_queued_handler assigned:       true
	file_queue_error_handler assigned:  true
	upload_start_handler assigned:      false
	upload_progress_handler assigned:   true
	upload_error_handler assigned:      true
	upload_success_handler assigned:    true
	upload_complete_handler assigned:   true
	debug_handler assigned:             true

SWF DEBUG: SWFUpload Init Complete
SWF DEBUG: 
SWF DEBUG: ----- SWF DEBUG OUTPUT ----
SWF DEBUG: Build Number:           SWFUPLOAD 2.2.0
SWF DEBUG: movieName:              SWFUpload_0
SWF DEBUG: Upload URL:             /swfupload
SWF DEBUG: File Types String:      *.jpg;*.jpeg;*.gif;*.png;*.txt;*.doc;*.xls;*.pdf;*.ppt;*.pps;*.odt;*.ods;*.odp;*.mp3
SWF DEBUG: Parsed File Types:      jpg,jpeg,gif,png,txt,doc,xls,pdf,ppt,pps,odt,ods,odp,mp3
SWF DEBUG: HTTP Success:           0
SWF DEBUG: File Types Description:  (*.jpg;*.jpeg;*.gif;*.png;*.txt;*.doc;*.xls;*.pdf;*.ppt;*.pps;*.odt;*.ods;*.odp;*.mp3)
SWF DEBUG: File Size Limit:        10737418240000 bytes
SWF DEBUG: File Upload Limit:      50
SWF DEBUG: File Queue Limit:       50
SWF DEBUG: Post Params:
SWF DEBUG:                         Drupal_l10n_client=0
SWF DEBUG:                         filepath=sites/qa.library.ole.org/files/
SWF DEBUG:                         has_js=1
SWF DEBUG:                         node_settings={ "filepath": "%file_directory_path", "list": 1, "file_extensions": "jpg jpeg gif png txt doc xls pdf ppt pps odt ods odp mp3", "max_file_size": 10485760000, "upload_usersize": 10485760000, "node_max_file_size": 10485760000, "max_files": 50, "max_img_resolution": "800x600" }
SWF DEBUG:                         SESS4d5e0298942ede366523e00ee0e5e5cb=66904a066da583752afcb9c6196ff7df
SWF DEBUG:                         __utma_a2a=1.7607796446.1255553847.1256225007.1256237395.21
SWF DEBUG:                         max_img_resolution=800x600
SWF DEBUG:                         op=move_uploaded_file
SWF DEBUG:                         instance={ "name": "upload" }
SWF DEBUG:                         SESS4d48619cdd8ae5d080a39d3f32de1538=e929d2cb01100228fc40cd3e2a42d131
SWF DEBUG:                         sid=312a6434316438636439386630306232303465393830303939386563663834323765
SWF DEBUG: ----- END SWF DEBUG OUTPUT ----
SWF DEBUG: 
SWF DEBUG: Event: fileDialogStart : Browsing files. Multi Select. Allowed file types: *.jpg;*.jpeg;*.gif;*.png;*.txt;*.doc;*.xls;*.pdf;*.ppt;*.pps;*.odt;*.ods;*.odp;*.mp3
SWF DEBUG: Event: fileDialogComplete: File Dialog window cancelled.
SWF DEBUG: StartUpload: First file in queue
SWF DEBUG: StartUpload(): No files found in the queue.
SWF DEBUG: Event: fileDialogStart : Browsing files. Multi Select. Allowed file types: *.jpg;*.jpeg;*.gif;*.png;*.txt;*.doc;*.xls;*.pdf;*.ppt;*.pps;*.odt;*.ods;*.odp;*.mp3
SWF DEBUG: Select Handler: Received the files selected from the dialog. Processing the file list...
SWF DEBUG: Event: fileQueued : File ID: SWFUpload_0_0
SWF DEBUG: Event: fileDialogComplete : Finished processing selected files. Files selected: 1. Files Queued: 1
SWF DEBUG: StartUpload: First file in queue
SWF DEBUG: Event: uploadStart : File ID: SWFUpload_0_0
SWF DEBUG: Global Post Item: Drupal_l10n_client=0
SWF DEBUG: Global Post Item: filepath=sites/qa.library.ole.org/files/
SWF DEBUG: Global Post Item: has_js=1
SWF DEBUG: Global Post Item: node_settings={ "filepath": "%file_directory_path", "list": 1, "file_extensions": "jpg jpeg gif png txt doc xls pdf ppt pps odt ods odp mp3", "max_file_size": 10485760000, "upload_usersize": 10485760000, "node_max_file_size": 10485760000, "max_files": 50, "max_img_resolution": "800x600" }
SWF DEBUG: Global Post Item: SESS4d5e0298942ede366523e00ee0e5e5cb=66904a066da583752afcb9c6196ff7df
SWF DEBUG: Global Post Item: __utma_a2a=1.7607796446.1255553847.1256225007.1256237395.21
SWF DEBUG: Global Post Item: max_img_resolution=800x600
SWF DEBUG: Global Post Item: op=move_uploaded_file
SWF DEBUG: Global Post Item: instance={ "name": "upload" }
SWF DEBUG: Global Post Item: SESS4d48619cdd8ae5d080a39d3f32de1538=e929d2cb01100228fc40cd3e2a42d131
SWF DEBUG: Global Post Item: sid=312a6434316438636439386630306232303465393830303939386563663834323765
SWF DEBUG: ReturnUploadStart(): File accepted by startUpload event and readied for upload.  Starting upload to /swfupload for File ID: SWFUpload_0_0
SWF DEBUG: Event: uploadProgress (OPEN): File ID: SWFUpload_0_0
SWF DEBUG: Event: uploadProgress: File ID: SWFUpload_0_0. Bytes: 658825. Total: 658825
SWF DEBUG: Event: uploadError: HTTP ERROR : File ID: SWFUpload_0_0. HTTP Status: 403.
SWF DEBUG: Event: uploadComplete : Upload cycle complete.
SWF DEBUG: StartUpload: First file in queue
SWF DEBUG: StartUpload(): No files found in the queue.

Cheers

Shane

gnoddep’s picture

Have you added swfupload.cookies.js from the upstream SWFUpload-distribution to the swfupload/ directory?

shaneonabike’s picture

Hey,

I added it to 'swfupload/SWFUploadCore/plugins/' as that was what I understood was the correct location. Should it actually be put in 'swfupload/SWFUploadCore' with swfupload.js?

Thanks for your help!

Shane

gnoddep’s picture

In the module root you should have a directory named swfupload, in that directory should be the files swfupload.swf, swfupload.js and swfupload.cookies.js

shaneonabike’s picture

Yep that's where the file is located but it doesn't actually seem to make a difference.

Manonline’s picture

Hi, sorry for my english

I'm having this problem in 6.x-2.0-beta2. I did a select to the sessions table after login, with one result. When I try to upload a file with SWFUpload, says "Server Error", I do the same select to the sessions table, with two results.

The problem is in swfupload_access(). I added some code lines in any "if". The sid validation fails.

skilip’s picture

Can anyone confirm the patch for retaining the user's session by the provided patch is actually needed? Most upload errors are caused by server configurations like, max_post_size or mod security. There's a lot to read about this in the SWFUpload docs: http://www.google.nl/search?hl=nl&q=403+site%3Aswfupload.org%2F&meta=&aq...

skilip’s picture

And does this issue also apply on 6.x-2?

eugenmayer’s picture

Status: Active » Needs review

pretty sure this is realted to http://github.com/EugenMayer/drupalwiki_multiupload/blob/master/drupalwi... .
This must be added, otherwise session restore is not complete the way it has been done right now.

shaneonabike’s picture

I think that this is totally on the right track. When we looking into this issue in the past it was discovered that files being uploaded were done as 'Anonymous' which is because the session wasn't being used. This is pretty unsafe generally especially if you don't allow anonymous users to upload files.

Saving the session would really fix this issue especially when doing posts.

Cheers

Shane

skilip’s picture

Status: Needs review » Needs work

The patch currently provided isn't the way to go IMO. I'd rather restore the session in swfupload_access(). Hook_init() should be avoided as much as possible.

@EugenMayer: Which function should be used to restore the session again? session_id()?

eugenmayer’s picture

Hi Philip

 $_COOKIE[session_name()] = 'dummy';
  sess_read($user->sid);
  // This is needed. Most people forget about this - thats why forms wont work anymore ... the validation fails (token)
  session_id($user->sid);
eugenmayer’s picture

Status: Needs work » Closed (duplicate)