Welcome Guest! You need to login or register to make posts.

Notification

Icon
Error

3 Pages123>
Options
Go to last post Go to first unread
Fedor  
#1 Posted : Monday, September 17, 2007 10:32:00 PM(UTC)
Fedor

Rank: Advanced Member

Groups: Member, Administration, Moderator
Joined: 7/28/2003(UTC)
Posts: 1,558

Thanks: 5 times
Was thanked: 62 time(s) in 61 post(s)
When you build web applications with ASP.NET, you may find out that session is lost when uploading files through Image Uploader for Java in Firefox. This article describes how to solve this problem.

Overview

When you try to upload files with Image Uploader in Firefox 2.0.0.5 or later you can find that your session cookies are lost.

This problem is related to:
  • Image Uploader for Java (any version);
  • Mozilla Firefox 2.0.0.5 or later;
  • HTTP-only cookies usage.
Reason

From version 2.0.0.5, Firefox supports HTTP-only cookies and makes it impossible to read them using JavaScript. It increases security and prevents your site from cross-site scripting attacks. In particular such cookies are used in standard ASP.NET authentication mechanism.

When Java version of Image Uploader prepares a POST request before uploading it to the server, it extracts all cookies which are downloaded along with the page that hosts Image Uploader. To get cookie, Image Uploader uses the same object model as you do in JavaScript (as if you use document.cookie).

However the browser does not allow Image Uploader to get HTTP-only cookies. That's why when you post files to the server, it does not get such cookies. In particular it means that ASP.NET is not able to identify the session properly, as well as other undesirable effects.
You may wonder why it worked earlier. The point is that earlier versions of Firefox (as well as other non-IE browsers) interpreted HTTP-only cookies in the same manner as traditional scriptable cookies. It was possible to get access to them through DOM, so Image Uploader did not loose them.

Resolution

To avoid this problem you should use new AddCookie(String) method, which appears in Image Uploader Dual build 4.5.50.0 (Java version version number is 2.5.50.0). If you have earlier version, you should download the latest release from the product download page. This method explicitly attaches a cookie to the upload request.

Note

Although you can send traditional cookies this way, you should use it solely for HTTP-only cookies. Also, you should not use it for ActiveX version.

This method can be used in the BeforeUpload event handler. What you need is to pass to this method a cookie name-value pair as a string, separated with '=' character. The code snippet before demonstrates how to do it. Note, this sample is for ASP.NET only.

Code:
<script language="javascript">
function ImageUploader1_BeforeUpload(){
getImageUploader("ImageUploader").AddCookie('<%=FormsAuthentication.FormsCookieName %>=<%= Request.Cookies[FormsAuthentication.FormsCookieName].Value %>');
}
var iu = new ImageUploaderWriter("ImageUploader", 770, 500);
iu.activeXControlEnabled = false;
iu.javaAppletEnabled = true;

//For Java applet we specify only directory with JAR files
iu.javaAppletCodeBase = "./";
iu.javaAppletCached = false;
iu.javaAppletVersion = "2.5.50.0";
iu.showNonemptyResponse = "off";

//Other parameters…
   		    
//Configure URL files are uploaded to.
iu.addParam("Action", "upload.aspx");
iu.addEventListener("BeforeUpload", "ImageUploader1_BeforeUpload");
iu.writeHtml();
</script> 

Edited by user Friday, December 18, 2009 7:48:56 PM(UTC)  | Reason: Not specified

Best regards,
Fedor Skvortsov
Pierre  
#2 Posted : Tuesday, January 15, 2008 5:31:08 AM(UTC)
Pierre

Rank: Newbie

Groups: Member
Joined: 1/15/2008(UTC)
Posts: 2

Thanks for this post.
You wrote: "you should not use it for ActiveX version".

Actually, I am using ImageUploader Dual, and when I write the BeforeUnload function, I do not know whether the java applet or the ActiveX is being used.
- Does not the iu object expand a method or property that indicates whether the component being used is the ActiveX or the Applet java?
- How can I determine (run time) whether I need or not to call the AddCookie method?
- What is the problem if I call AddCookie when using the ActiveX?

Thanks!
Pierre  
#3 Posted : Tuesday, January 15, 2008 7:08:30 PM(UTC)
Pierre

Rank: Newbie

Groups: Member
Joined: 1/15/2008(UTC)
Posts: 2

I found the answer myself. In order to introduce the fix without bothering whether using the ActiveX or the Java applet, we can test the AddCookie method before:

Code:
function ImageUploader1_BeforeUpload(){
  var iu = getImageUploader("ImageUploader1");
  if (iu.AddCookie)
    iu.AddCookie('<%=FormsAuthentication.FormsCookieName %>=<%= Request.Cookies[FormsAuthentication.FormsCookieName].Value %>');
}


In such a way, iu.AddCookie will not be called in the case the ActiveX is used.

Edited by user Friday, December 18, 2009 7:49:33 PM(UTC)  | Reason: Not specified

Fedor  
#4 Posted : Wednesday, January 16, 2008 12:11:43 AM(UTC)
Fedor

Rank: Advanced Member

Groups: Member, Administration, Moderator
Joined: 7/28/2003(UTC)
Posts: 1,558

Thanks: 5 times
Was thanked: 62 time(s) in 61 post(s)
Hello,

Thank you for useful code sample.

You can use also use getControlType() method of ImageUploaderWriter:

Code:
<script language="javascript">
function ImageUploader1_BeforeUpload(){
getImageUploader("ImageUploader1").AddCookie('<%=FormsAuthentication.FormsCookieName %>=<%= Request.Cookies[FormsAuthentication.FormsCookieName].Value %>');
}
var iu = new ImageUploaderWriter("ImageUploader", 770, 500);
iu.activeXControlEnabled = false;
iu.javaAppletEnabled = true;

//For Java applet we specify only directory with JAR files
iu.javaAppletCodeBase = "./";
iu.javaAppletCached = false;
iu.javaAppletVersion = "2.5.50.0";
iu.showNonemptyResponse = "off";

//Other parameters…
              
//Configure URL files are uploaded to.
iu.addParam("Action", "upload.aspx");
if (iu.getControlType() == "Java"){
    iu.addEventListener("BeforeUpload", "ImageUploader1_BeforeUpload");
}
iu.writeHtml();
</script>


In this case ImageUploader1_BeforeUpload event handler will be called for Java version only.

Edited by user Sunday, February 24, 2008 5:44:35 PM(UTC)  | Reason: Not specified

Best regards,
Fedor Skvortsov
StewartR3  
#5 Posted : Tuesday, March 4, 2008 9:04:47 PM(UTC)
StewartR3

Rank: Newbie

Groups: Member
Joined: 3/4/2008(UTC)
Posts: 9

I am using ASP Classic. What is the code to use in place of
"<%=FormsAuthentication.FormsCookieName %>=<%= Request.Cookies[FormsAuthentication.FormsCookieName].Value %>"?

My Image Uploader is version 5.0.40
Fedor  
#6 Posted : Wednesday, March 5, 2008 4:23:04 AM(UTC)
Fedor

Rank: Advanced Member

Groups: Member, Administration, Moderator
Joined: 7/28/2003(UTC)
Posts: 1,558

Thanks: 5 times
Was thanked: 62 time(s) in 61 post(s)
carolyn@digicastcards.com wrote:
I am using ASP Classic. What is the code to use in place of
"<%=FormsAuthentication.FormsCookieName %>=<%= Request.Cookies[FormsAuthentication.FormsCookieName].Value %>"?

My Image Uploader is version 5.0.40


Do you use authentication based on standard ASP sessions (Session.SessionID and so on)?
Best regards,
Fedor Skvortsov
Eugene Kosmin  
#7 Posted : Tuesday, March 18, 2008 5:09:41 PM(UTC)
Eugene Kosmin

Rank: Advanced Member

Groups: Member, Administration, Moderator
Joined: 9/19/2006(UTC)
Posts: 446

Was thanked: 24 time(s) in 24 post(s)
There is a small web application in the attachment which demonstrates AddCookie method usage. This is small ASP.NET code snippet written on vs2005/.NET 2.0, based on An Overview of Forms Authentication tutorial.

I think it could be helpful in some cases, because AddCookie method question is still one of the most wanted.

P.S. There is readme.txt inside attachment with additional information.
File Attachment(s):
AddCookieSnippet.zip (11kb) downloaded 178 time(s).
Best regards,
Eugene Kosmin.
Aurigma Development Team
Fedor  
#8 Posted : Wednesday, March 19, 2008 8:41:29 PM(UTC)
Fedor

Rank: Advanced Member

Groups: Member, Administration, Moderator
Joined: 7/28/2003(UTC)
Posts: 1,558

Thanks: 5 times
Was thanked: 62 time(s) in 61 post(s)
Also I want to add that classic ASP can use different random cookie names for working with sessions. For example here are the examples of such cookies names:

ASPSESSIONIDQSADRADT=DJGKPNMACDAJEPGHHKEPFOEB
ASPSESSIONIDQSCCTBDS=NPKKPFKAPCNEEBMEKIDCPNKG
ASPSESSIONIDSSCARBCS=JDCHGKPAOJFMKEAGIIMLGCAD

It is not just ASPSESSIONID but ASPSESSIONIDSOME_RANDOM_IN_THE END. I have not found the way how to know the session cookie name on server side.

Best regards,
Fedor Skvortsov
andrewh  
#9 Posted : Tuesday, May 6, 2008 5:38:55 AM(UTC)
andrewh

Rank: Newbie

Groups: Member
Joined: 5/6/2008(UTC)
Posts: 4

Hi, forgive me if this is a rather daft question, but I have been trying to get these fixes to work for Firefox for a few days now and I keep getting weird error messages that suggest to me I've done something a bit stupid Brick wall

It falls over in FF with the following error:
BC30034: Bracketed identifier is missing closing ']'.
and highlights the line below (Marked)

Everything works fine in IE (without the fix for redirect), so it is def soemthing to do with this line.

Any help greatly appreciated.

regards
Andrew

Code:
<script type="text/javascript">
//Create JavaScript object that will embed Image Uploader to the page.
var iu = new ImageUploaderWriter("ImageUploader1", 650, 400);

function ImageUploader_BeforeUpload()
            {
                // Here we are adding Authentication cookies manually
	            
// ********** ERROR LINE getImageUploader("ImageUploader").AddCookie('<%=FormsAuthentication.FormsCookieName %>=<%= Request.Cookies[FormsAuthentication.FormsCookieName].Value %>;');
// ********** ERROR LINE 
            }

//For ActiveX control full path to CAB file (including file name) should be specified.
iu.activeXControlCodeBase = "gallery/ImageUploader5.cab";
iu.activeXControlVersion = "5,0,15,0";

//For Java applet only path to directory with JAR files should be specified (without file name).
iu.javaAppletJarFileName = "ImageUploader5.jar";
iu.javaAppletCodeBase = "gallery/";
iu.javaAppletCached = true;
iu.javaAppletVersion = "5.0.15.0";

iu.showNonemptyResponse = "off";

iu.addParam("RedirectUrl", "photo-album-edit.aspx");

//Configure appearance and behaviour.
iu.addParam("PaneLayout", "TwoPanes");
iu.addParam("ShowDebugWindow", "true");
iu.addParam("ShowDescriptions", "false");
iu.addParam("BackgroundColor", "#ffffff");

//Configure Image Uploader to rotate photos automatically 
//according to the orientation stored in EXIF metadata.
iu.addParam("AllowAutoRotate", "true");

//Append the form with total file size to the upload.
iu.addParam("AdditionalFormName", "Form1");

//Configure file mask to upload JPEG images only.
iu.addParam("FileMask", "*.jpeg;*.jpg;*.jpe;*.gif");

//Set image size restrictions.
//iu.addParam("MinImageWidth", "360");
//iu.addParam("MinImageHeight", "360");

//Exclude the source file from upload because only 
//resized versions of the photo will be sent.
iu.addParam("UploadSourceFile", "false");

//Configure URL files are uploaded to.
iu.addParam("Action", "photo-upload.aspx");
            if ("Java" == iu.getControlType())
            {
                iu.addEventListener("BeforeUpload", "ImageUploader_BeforeUpload");
            }


//Add event handlers.
iu.addEventListener("UploadFileCountChange", "ImageUploader_UploadFileCountChange");
iu.addEventListener("Progress", "ImageUploader_Progress");

//Tell Image Uploader writer object to generate all necessary HTML code to embed 
//Image Uploader to the page.
iu.writeHtml();

	</script>

Edited by user Friday, December 18, 2009 7:51:01 PM(UTC)  | Reason: Not specified

Eugene Kosmin  
#10 Posted : Wednesday, May 7, 2008 11:28:11 AM(UTC)
Eugene Kosmin

Rank: Advanced Member

Groups: Member, Administration, Moderator
Joined: 9/19/2006(UTC)
Posts: 446

Was thanked: 24 time(s) in 24 post(s)
Hi Andrew,

I have tested your code with AddCookieSnippet from my previous post and it worked fine both in IE and Firefox.

What is the version of ASP.NET on your web server?
Best regards,
Eugene Kosmin.
Aurigma Development Team
andrewh  
#11 Posted : Thursday, May 8, 2008 5:27:41 AM(UTC)
andrewh

Rank: Newbie

Groups: Member
Joined: 5/6/2008(UTC)
Posts: 4

Hi - does the line of code:
getImageUploader("ImageUploader").AddCookie('<%=FormsAuthentication.FormsCookieName %>=<%= Request.Cookies[FormsAuthentication.FormsCookieName].Value %>;');

go in EXACTLY like this - or do I need to make some changes - this is where the errors are coming from.

I am using vs2005 on .net2.0.

Thanks for the help
Eugene Kosmin  
#12 Posted : Sunday, May 11, 2008 4:19:25 PM(UTC)
Eugene Kosmin

Rank: Advanced Member

Groups: Member, Administration, Moderator
Joined: 9/19/2006(UTC)
Posts: 446

Was thanked: 24 time(s) in 24 post(s)
Hi Andrew,

I have copied this string from your post and it was exactly the same.

Perhaps you didn’t set the page language on the top of your page, the default is Visual Basic. Please make sure that you set language = “C#”:

Code:
<%@ Page Language="C#" AutoEventWireup="true" Codebehind="Default.aspx.cs" Inherits="AuthTestApp2.Default"
    Title="Test Page" %>
Best regards,
Eugene Kosmin.
Aurigma Development Team
andrewh  
#13 Posted : Monday, May 12, 2008 5:57:03 AM(UTC)
andrewh

Rank: Newbie

Groups: Member
Joined: 5/6/2008(UTC)
Posts: 4

Hi - thanks - that fixed the compilation error!!
However, I am still getting the error "The server attempted to redirect you but server redirects are not supported".
Your code snippet worked fine but it doesn't have the equivalent of my:
iu.addParam("RedirectUrl", "photo-album-edit.aspx");
line in which I guess is what is causing the problem??

Everything works fine in IE, just firefox 2.0.0.14

Any further help would be greatly appreciated.
regards
Andrew
Eugene Kosmin  
#14 Posted : Monday, May 12, 2008 12:48:47 PM(UTC)
Eugene Kosmin

Rank: Advanced Member

Groups: Member, Administration, Moderator
Joined: 9/19/2006(UTC)
Posts: 446

Was thanked: 24 time(s) in 24 post(s)
This error means that your UPLOAD SCRIPT tries to redirect upload POST to another URL. I suspect that if you remove your RedirectUrl – the problem will remain. RedirectUrl affects only client page redirect.

Please check your upload script for redirect actions.
Best regards,
Eugene Kosmin.
Aurigma Development Team
andrewh  
#15 Posted : Monday, May 12, 2008 5:46:20 PM(UTC)
andrewh

Rank: Newbie

Groups: Member
Joined: 5/6/2008(UTC)
Posts: 4

Yes it does do a redirect - is this not possible anymore?
Currently in ie, the users go from a management page to a photo selection page, press upload then go back to the management page automatically (through a response.redirect on the upload page) - is this not possible now?
Eugene Kosmin  
#16 Posted : Tuesday, May 13, 2008 1:42:32 PM(UTC)
Eugene Kosmin

Rank: Advanced Member

Groups: Member, Administration, Moderator
Joined: 9/19/2006(UTC)
Posts: 446

Was thanked: 24 time(s) in 24 post(s)
Redirect is still possible. The behavior you described should work correctly.

But you can’t do redirect from the script which handles your upload data. URL to this
script is specified in Action property. For example, you can’t do such thing in upload.aspx:
Code:
<script runat="server">
void Page_Load()
{
    Response.Redirect("RedirectAction.aspx");
}
</script>
Best regards,
Eugene Kosmin.
Aurigma Development Team
grouphutDev  
#17 Posted : Sunday, June 22, 2008 6:47:59 PM(UTC)
grouphutDev

Rank: Newbie

Groups: Member
Joined: 6/12/2008(UTC)
Posts: 8


Hi,

i am using ASP.NET 2.0 and using windows authentication not the FormsAuthentication.

Please suggest what string should i use in place of

function ImageUploader1_BeforeUpload()
{
getImageUploader("ImageUploader1").AddCookie('<%=FormsAuthentication.FormsCookieName %>=<%= Request.Cookies[FormsAuthentication.FormsCookieName].Value %>');
}


As using the above code i get an error :

"Object reference not set to an instance of an object."

Please suggest d'oh! Think

Thanks
Eugene Kosmin  
#18 Posted : Sunday, June 22, 2008 7:58:16 PM(UTC)
Eugene Kosmin

Rank: Advanced Member

Groups: Member, Administration, Moderator
Joined: 9/19/2006(UTC)
Posts: 446

Was thanked: 24 time(s) in 24 post(s)
Hi,

Windows authentication does not use cookies, try to remove this string.
Best regards,
Eugene Kosmin.
Aurigma Development Team
grouphutDev  
#19 Posted : Sunday, June 22, 2008 10:32:08 PM(UTC)
grouphutDev

Rank: Newbie

Groups: Member
Joined: 6/12/2008(UTC)
Posts: 8


Hi Eugene,

I am using Image Uploader 5.1.10.0 Dual version but it does not work on Mozilla/Firefox

It shows the error messsage :

"The server attempted to redirect you, but server redirects are not supported".

Please suggest what string should i use in place of that function

ImageUploader1_BeforeUpload()
{
getImageUploader("ImageUploader1").AddCookie('<%=FormsAuthentication.FormsCookieName %>=<%= Request.Cookies[FormsAuthentication.FormsCookieName].Value %>');
}

as the <authentication mode="Windows" /> in my project.

Thanks
Dmitry  
#20 Posted : Monday, June 23, 2008 8:19:24 PM(UTC)
Dmitry

Rank: Advanced Member

Groups: Member, Administration, Moderator
Joined: 8/3/2003(UTC)
Posts: 1,070

Thanks: 1 times
Was thanked: 12 time(s) in 12 post(s)
grouphutDev wrote:

I am using Image Uploader 5.1.10.0 Dual version but it does not work on Mozilla/Firefox


Does Firefox and Image Uploader prompt for user/password?
Sincerely yours,
Dmitry Sevostyanov

UserPostedImage Follow Aurigma on Twitter!
Users browsing this topic
3 Pages123>
Forum Jump  
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.