[eluser]Lone[/eluser]
I have gone into full testing mode for our newest app which of course involves playing around with everyones fave - IE6. I have just about given up sorting this one out - its a real killer!
Please note I am using the standard Session class for this.
What is happening is the user logs into the website and then goes to an 'add' page that is using SWFUpload to upload photos within. The instant SWFUpload is used in IE6 and IE7 any further page access by the user has them 'logged out' as the session ID has been changed.
When uploading via SWFUpload the SWF file uploads to a function in a controller - that function sees the SWF file as a different person as it has a different user agent. Problem is that somehow it also changes the logged in users session.
I have DB sessions enabled and this is the result in phpmyadmin after using SWFUpload:
Code:
57acbeffafdd502757ce2a119ed266aa 10.1.1.3 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; 1203509227
95d1b4a698fb2fe50ad0fad565bd8d0b 10.1.1.3 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; 1203509227
9c4cce73d3a443b707a6aa37c0e1ffd2 10.1.1.3 Shockwave Flash 1203509227
8c75e6172f6d218479d5d407b363723d 10.1.1.3 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; 1203509142
The last row is the original session and then there has been three others created!
Does anyone have any idea what is going on here? I tried turning off the sess_match_useragent setting which actually fixed the problem - but obviously leaves a big security flaw.
I can understand how the SWF file is treated as a different user but I don't get why the browser session has changed and only in IE6 & IE7 not firey. It looks like a cookie problem as far as I can see so far?