Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums Archived Discussions Archived Development & Programming PHP Sessions
PHP Sessions
  • El Forum
    Guest
  •  
#1
11-20-2010, 06:23 PM

[eluser]Christophe28[/eluser]
Hello,

I'm stuck on the following ...

On my website users can upload photos using swf upload. Because of a bug in flash I manually send the cookie to the webserver. At serverside, I basically say: if(IS_FLASH) { do not update session } This works fine!

However, an upload can take a while and on the same page users can drag/drop the photos by using AJAX. Of course, AJAX is also a request to the webserver and the chances are good the session will be updated while the file is still uploading. If this happens I get the following error back when the upload is done:

Code:
Error #2044: Unhandled IOErrorEvent:. text=Error #2038: File I/O Error.

What happened is (I think) when the upload is done, the server send a thumbnail back. Because the cookie is updated (by AJAX) it gives an error.

Code:
$sess_time_to_update = (IS_FLASH) ? (999999999) : (5) ; // 5 = testing purpose
$config['sess_time_to_update']     = $sess_time_to_update;

In my opinion, the only solution is set $config['sess_time_to_update'] always to 999999999. Basically say, never update a session which gives us security issues ... or not?

Thanks for the help!

Christophe
  • El Forum
    Guest
  •  
#2
11-20-2010, 06:27 PM

[eluser]WanWizard[/eluser]
Instead of modifying the config, extend the Session class and overload the sess_update method. Search for IS_AJAX and sess_update here to find an example. In your case, also add IS_FLASH to prevent session id rotation for ajax and flash calls.

Note that this only works if you don't have other resources being rewritten to CI, for example assets.
  • El Forum
    Guest
  •  
#3
11-21-2010, 05:19 AM

[eluser]Christophe28[/eluser]
But isn't this just moving the problem? I agree extending the session class would be a better solution than modifying the config, but what if users opens a new tab in the browser and surf the same website while uploading files with swf-upload in the other browser tab. As you know, with swf-upload you can upload many files at once (which will take a while) so the chances are good the session and cookie will be updated during upload, which will break the upload in the other browser Sad

That is the main problem ...

I have never extend a CI class. Can you simply create a new class (for example MY_Session.php) in libraries and rewrite a the existing function, for example sess_update?

Thanks!

Christophe
  • El Forum
    Guest
  •  
#4
11-21-2010, 06:19 AM

[eluser]WanWizard[/eluser]
Yes, this doesn't protect you from a user opening multiple windows.

For that, the session class has to be rewritten. I've posted a quick fix a few weeks ago (use the search, or go via my profile to get all my posts), a replacement sessions library that you can drop into application/libraries, and fixes the ajax problem. You'll have to add your flash test to that.

It basically remembers the old session id when an update happens, and tries to find the session by both the new and the old id. You have to make sure the session update time is about as long as the longest expected upload, because this system doesn't work after two updates...




Theme © iAndrew 2016 - Forum software by © MyBB