why does manually setting $_COOKIE not work (for using Flash upload utility)

[eluser]Chillahan[/eluser]
I am trying to use this Flash upload utility:

http://www.element-it.com/multiple-file-...oader.aspx

It seems great, even supposedly reads the cookies set and passes them in a POST input. So it comes with this sample code. I've tried putting it in the index bootstrap file, but it still doesn't seem to work.

Code:

if(isset($_POST['MultiPowUpload_browserCookie']))
{
    $cookies = explode(";", $_POST['MultiPowUpload_browserCookie']);
    foreach($cookies as $value)
    {
        $namevalcookies = explode("=", $value);
        $browsercookie[trim($namevalcookies[0])] =  trim($namevalcookies[1]);
    }
    $_COOKIE = $browsercookie;
}

Looking in Session library, it does this:

Code:

$session = $this->CI->input->cookie($this->sess_cookie_name);

And all that does is this:

Code:

function cookie($index = '', $xss_clean = FALSE)
{
    return $this->_fetch_from_array($_COOKIE, $index, $xss_clean);
}

So why wouldn't this simple solution of re-writing $_COOKIE in the bootstrap when that special POST field is set work? I know it's getting to the if condition. Next I'll try e-mailing the value it's setting to see what it's getting.

[eluser]WanWizard[/eluser]
That only works if your code is executed before the session library is loaded, as it will fetch the session cookie in the class constructor.

If you autoload the session library, you can put your code in a pre-controller hook, as autoloading happens in your controller constructor.

[eluser]Chillahan[/eluser]
Right, that is why I put this as the first thing in the index bootstrap - are you saying that's still not early enough? Nothing is loaded yet at that point, right?

[eluser]WanWizard[/eluser]
LOL, should be early enough, yes.

If that doesn't work, your code is not correct. A quick glance shows me you're assigning something to $_COOKIE. Shouldn't that be $_COOKIE['whatever you have configured as sess_cookie_name']?

[eluser]Chillahan[/eluser]
The For Each loop builds an array, then $_COOKIE is set to that array.

I am going to try statically building the array with my current values hard-coded in and see if whether that works or not. So far I have noticed there are some extra, odd values in the cookie array (starting with underscores), perhaps set by the Flash uploader - but I don't see how that would block it from working, an array is an array.

[eluser]WanWizard[/eluser]
Ok, missed that, I assumed only the session cookie was posted (which would be logical).

You could be running into encoding issues, are you using an encrypted cookie? Add some test code to the index.php, before your code, to dump $_COOKIE (or at least the session key), and compare that to the one send by your uploader.

I've build something similar with swfupload in the past, so there's nothing wrong with the way you're trying to solve it.

[eluser]Chillahan[/eluser]
Wow, took a long time to debug. (and I am still not sure why it didn't work originally) I think it was due to the fact that I was trying different things, and there are different causes:

1. Have to remember to NOT check user agent for session verification (in config.php) - I had set that off, but turned it back on when it didn't solve the problem;

2. Definitely have to trim the key when addressing the inner arrays, otherwise there will be a leading or trailing space in them;

3. I ended up looking only for the two cookies I need, the csrf and the session, and threw away the other ones (not sure if they were causing any issues, they were from analytics tracking and had a lot of extraneous characters, but still seemed to explode just fine - nonetheless, I'll keep it as-is)

4. The csrf doesn't work with the cookie being set (even though it should), so I also set $_POST for that key. (in retrospect, from my memory of the csrf code, maybe it needs some value to be set in the POST, even if it is expired, for it to trigger looking up the cookie value instead?)

5. Not sure it matters (it really shouldn't), but I did an unset($_COOKIE) before setting the values, and also set $_COOKIE = array() first also.

So somewhere in there (or in a mix of those) was the fix. I don't have the time to go back and figure out exactly which fixed it as compared to what I was originally doing - but at least now it works! (which is pretty cool, to have a full-featured uploader that can still authenticate and use everything else that's "normal" in my controllers)

[eluser]Chillahan[/eluser]
[quote author="WanWizard" date="1309814473"]Ok, missed that, I assumed only the session cookie was posted (which would be logical).

You could be running into encoding issues, are you using an encrypted cookie? Add some test code to the index.php, before your code, to dump $_COOKIE (or at least the session key), and compare that to the one send by your uploader.

I've build something similar with swfupload in the past, so there's nothing wrong with the way you're trying to solve it.[/quote]

Right on, I know that happens with me and arrays too (not always obvious if you're passing one value or an array).

Was also going to think more about encoding next, but seemed like it couldn't be possible, it's just a string at the base level. Anyway, glad I got it going, was about to give up (for now) and go with an unauthenticated handler hanging out there.