Hi I''m using SWFUpload in one of my applications, but it has one big shortcoming: it doesn''t maintain the session. Let me explain: The user has to login to the application, thus creating an authenticated session (cookie _session_id client side and the sessions table server side). However, when you use SWFUpload, the upload script is called with a new session (unauthenticated), making the app assume the new session has no access and redirects it to the login page. Currently, I''ve just exposed the upload methods, so that they don''t require authentication. However, this is like locking your front door, but leaving the back door wide open. Apparently, the only way for a Flash file to pass on parameters, is using GET. I can append the _session_id cookie value to the upload URL, but I can''t seem to get Rails to use this _session_id value (params[:_session_id] instead of the one passed in the HTTP headers. Is it somehow possible to override the HTTP header cookie _session_id in favor of one that is passed as a GET parameter, but only for the upload_file method, so that the authenticated state is still recognized? Best regards Peter De Berdt --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
augustlilleaas-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org
2007-Jan-18 15:51 UTC
Re: Session IDs and SWFUpload
Never heard of SWF upload. Why not use acts_as_attachment instead? Widely used, nicely tested and written by a rails core dev. http://svn.techno-weenie.net/projects/plugins/acts_as_attachment/ On Jan 18, 4:44 pm, Peter De Berdt <peter.de.be...-LPO8gxj9N8aZIoH1IeqzKA@public.gmane.org> wrote:> Hi > > I''m using SWFUpload in one of my applications, but it has one big > shortcoming: it doesn''t maintain the session. Let me explain: > > The user has to login to the application, thus creating an > authenticated session (cookie _session_id client side and the > sessions table server side). However, when you use SWFUpload, the > upload script is called with a new session (unauthenticated), making > the app assume the new session has no access and redirects it to the > login page. > > Currently, I''ve just exposed the upload methods, so that they don''t > require authentication. However, this is like locking your front > door, but leaving the back door wide open. > > Apparently, the only way for a Flash file to pass on parameters, is > using GET. I can append the _session_id cookie value to the upload > URL, but I can''t seem to get Rails to use this _session_id value > (params[:_session_id] instead of the one passed in the HTTP headers. > > Is it somehow possible to override the HTTP header cookie _session_id > in favor of one that is passed as a GET parameter, but only for the > upload_file method, so that the authenticated state is still recognized? > > Best regards > > Peter De Berdt--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
On Jan 18, 2007, at 4:51 PM, augustlilleaas-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org wrote:> > Never heard of SWF upload. Why not use acts_as_attachment instead? > Widely used, nicely tested and written by a rails core dev. > > http://svn.techno-weenie.net/projects/plugins/acts_as_attachment/They are not comparable. SWFupload is a flash file-upload widget with lots of features, see http://labb.dev.mammon.se/swfupload/ -- fxn --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
> -----Original Message----- > From: rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org [mailto:rubyonrails- > talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org] On Behalf Of Xavier Noria > Sent: 21 January 2007 00:03 > To: rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org > Subject: [Rails] Re: Session IDs and SWFUpload > > > On Jan 18, 2007, at 4:51 PM, augustlilleaas-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org wrote: > > > > > Never heard of SWF upload. Why not use acts_as_attachment instead? > > Widely used, nicely tested and written by a rails core dev. > > > > http://svn.techno-weenie.net/projects/plugins/acts_as_attachment/ > > They are not comparable. SWFupload is a flash file-upload widget with > lots of features, see > > http://labb.dev.mammon.se/swfupload/ > > -- fxn--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
> -----Original Message----- > From: rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org [mailto:rubyonrails- > talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org] On Behalf Of Xavier Noria > Sent: 21 January 2007 00:03 > To: rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org > Subject: [Rails] Re: Session IDs and SWFUpload > > > On Jan 18, 2007, at 4:51 PM, augustlilleaas-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org wrote: > > > > > Never heard of SWF upload. Why not use acts_as_attachment instead? > > Widely used, nicely tested and written by a rails core dev. > > > > http://svn.techno-weenie.net/projects/plugins/acts_as_attachment/ > > They are not comparable. SWFupload is a flash file-upload widget with > lots of features, see > > http://labb.dev.mammon.se/swfupload/ > > -- fxnI came across the same problem recently and this solved it nicely: http://blog.inquirylabs.com/2006/12/09/getting-the-_session_id-from-swfuploa d/ hth -- Richard Livsey Head of Agile Development, CitySafe http://citysafe.org ....... CitySafe http://thatsprogress.com .. The Fitness Community (soon) http://livsey.org ......... Blog : Musings of a Rails Developer --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
On 21 Jan 2007, at 03:05, Richard Livsey wrote:> I came across the same problem recently and this solved it nicely: > > http://blog.inquirylabs.com/2006/12/09/getting-the-_session_id-from- > swfuploa > d/This is just great, a big thanks to you Richand and to Duane! Best regards Peter De Berdt --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---