session->userdata empty with swf upload...

[eluser]sikko[/eluser]
Hi all,

I'm using swf upload to allow users to upload avatars.
The swf is calling a url index.php/uploader/upload and is uploading the image.

Now thigs get more complicated: I want to check whether or not the user is logged in.
For that, I need to call

Code:

$this->session->userdata('logged')

but this returns null (despite the fact that I know I AM logged in).
So I called the index.php/uploader/upload url using my browser, and var_dumped the $this variable.
The interesting part is userdata:

Code:

["userdata"]=>
        array(9) {
          ["session_id"]=>
          string(32) "099f1c386b97453ae967ebe353403e7d"
          ["ip_address"]=>
          string(9) "127.0.0.1"
          ["user_agent"]=>
          string(50) "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_3) App"
          ["last_activity"]=>
          int(1308958502)
          ["id_user"]=>
          string(1) "1"
          ["username"]=>
          string(5) "sikko"
          ["avatar"]=>
          string(1) "0"
          ["theme"]=>
          string(2) "36"
          ["logged"]=>
          bool(true)
        }

I did the same var_dump with the swf call:

Code:

["userdata"]=>
        array(4) {
          ["session_id"]=>
          string(32) "08d4r67dslfc28466044ccb0d0843ea2"
          ["ip_address"]=>
          string(9) "127.0.0.1"
          ["user_agent"]=>
          string(21) "Adobe Flash Player 10"
          ["last_activity"]=>
          int(1308958802)
        }

Different session_id, different user_agent, and NO id_user, username etc...
So this is why I can not check if user is logged, and cannot update avatars...

Any ideas ? I also tried using php native sessions $_SESSION, but exactly the same....

Thanks in advance for ya help !

[eluser]InsiteFX[/eluser]
You need to search the Forums, this has been answered here before.

InsiteFX

[eluser]sikko[/eluser]
Hi,

Thanks for your answer,

Not sure if this thread http://ellislab.com/forums/viewthread/191009/P0/ is what you are talking about, but it doesn't seem to solve my problem...
I've created the table:

Code:

CREATE TABLE IF NOT EXISTS  `ci_sessions` (
session_id varchar(40) DEFAULT '0' NOT NULL,
ip_address varchar(16) DEFAULT '0' NOT NULL,
user_agent varchar(50) NOT NULL,
last_activity int(10) unsigned DEFAULT 0 NOT NULL,
user_data text DEFAULT '' NOT NULL,
PRIMARY KEY (session_id)
);

but everytime I call the page with swf upload, it creates a new entry in the ci_sessions table whereas with Chrome, it just updates the previous entry.

[eluser]sikko[/eluser]
I thought that

Code:

$config['sess_match_useragent'] = FALSE;

would solve my problem as we change user agent and want to keep our session, but it does not help.

[eluser]InsiteFX[/eluser]
The session table user_agent field should be varchar(120) they have changed it!

Not sure if that is the thread, the one I read had the problem being with sessions.

InsiteFX

[eluser]sikko[/eluser]
Alright I think I found the one: http://ellislab.com/forums/viewthread/150550/.

I'm gonna give it a try.

[eluser]InsiteFX[/eluser]
Sorry but I was not sure were I saw it at.

InsiteFX

[eluser]sikko[/eluser]
No worries

I just read a response from fchristant : http://ellislab.com/forums/viewreply/809354/ Saying that this way is quiet unsecure, and I kinda think the same.
What do you guys think ?
I'll try to implement what he describes, it's a shame that he didn't share his code.