Aurigma Forums
»
Upload Suite
»
Discussions – ActiveX/Java Uploader
»
Maintaining Sessions and Authentication Through ImageUploader Post
Rank: Advanced Member
Groups: Member
Joined: 4/24/2008(UTC) Posts: 31
|
Anyone here have some tips they can share on how you can authenticate the upload from ImageUploader on the server end?
Here's my problem. I'm integrating ImageUploader with a forum application written in PHP. I need to verify the following things whenever an image is uploaded using ImageUploader:
1) That the user uploading is allowed to upload this image 2) That the user uploading is logged in and is not a spoofed user
In checking my forum's sessions tables, it appears that ImageUploader has its own session and once I click on the "Send" button to upload the images, the User's session is instantly terminated. Since the user has no session, I'm unable to authenticate the user against my member database. I tried passing the session ID as a form variable, but that doesn't work either because there will be no session ID to match against. When the upload completes and the user is redirected, the user is instantly logged back in based on a login cookie.
The user does not notice anything strange, but the server thinks the user made an upload and then logged off and back on really quickly. Anyone else run into this same issue or have any ideas on how to get around this problem with authenticating a user session through an upload?
|
|
|
|
Rank: Advanced Member
Groups: Member, Administration, Moderator Joined: 9/19/2006(UTC) Posts: 505
Was thanked: 41 time(s) in 41 post(s)
|
Hello,
Image Uploader sends page cookies along with other upload content. So upload could be authenticated by auth cookies.
1. Did you try to upload something through standard upload button? Is it work?
2. What Image Uploader version do you use? Please try to test it with both Java and ActiveX versions.
|
Best regards, Eugene Kosmin The Aurigma Development Team
|
|
|
|
Rank: Advanced Member
Groups: Member
Joined: 4/24/2008(UTC) Posts: 31
|
Do I need to do anything to have the cookies sent or are they automatically passed by the application? I'm using the Java version. I haven't tested to see how the ActiveX version behaves.
One thing that could potentially be an issue is that I'm using it on a server I set-up on my localhost.
|
|
|
|
Rank: Advanced Member
Groups: Member, Administration, Moderator Joined: 9/19/2006(UTC) Posts: 505
Was thanked: 41 time(s) in 41 post(s)
|
|
Best regards, Eugene Kosmin The Aurigma Development Team
|
|
|
|
Rank: Advanced Member
Groups: Member
Joined: 4/24/2008(UTC) Posts: 31
|
I used the add cookie directive and it partially worked for me. The problem for me was that the forum software that it was uploading to took several passes at reading the session information from the post request. It would find the cookie based session_id initially, but by the last pass, the cookie's session_id would be lost and the upload would fail.
I was able to step around this issue by also including the session_id as a hidden input field in additional form fields I sent with my upload. If my application couldn't find its usual session_id, it would check to see if a session_id had been passed via a post request. If one was, then the session_id is checked and normal behavior continues if the ID checks out ok.
I just thought I'd add my resolution in case it helps someone else.
|
|
|
|
Aurigma Forums
»
Upload Suite
»
Discussions – ActiveX/Java Uploader
»
Maintaining Sessions and Authentication Through ImageUploader Post
Forum Jump
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.