Welcome Guest! You need to login or register to make posts.

Notification

Icon
Error

Options
Go to last post Go to first unread
hyperlinked  
#1 Posted : Friday, April 25, 2008 10:09:52 AM(UTC)
hyperlinked

Rank: Advanced Member

Groups: Member
Joined: 4/24/2008(UTC)
Posts: 31

Anyone here have some tips they can share on how you can authenticate the upload from ImageUploader on the server end?

Here's my problem. I'm integrating ImageUploader with a forum application written in PHP. I need to verify the following things whenever an image is uploaded using ImageUploader:

1) That the user uploading is allowed to upload this image
2) That the user uploading is logged in and is not a spoofed user

In checking my forum's sessions tables, it appears that ImageUploader has its own session and once I click on the "Send" button to upload the images, the User's session is instantly terminated. Since the user has no session, I'm unable to authenticate the user against my member database. I tried passing the session ID as a form variable, but that doesn't work either because there will be no session ID to match against. When the upload completes and the user is redirected, the user is instantly logged back in based on a login cookie.

The user does not notice anything strange, but the server thinks the user made an upload and then logged off and back on really quickly. Anyone else run into this same issue or have any ideas on how to get around this problem with authenticating a user session through an upload?
Eugene Kosmin  
#2 Posted : Sunday, April 27, 2008 12:48:50 PM(UTC)
Eugene Kosmin

Rank: Advanced Member

Groups: Member, Administration, Moderator
Joined: 9/19/2006(UTC)
Posts: 439

Was thanked: 22 time(s) in 22 post(s)
Hello,

Image Uploader sends page cookies along with other upload content. So upload could be authenticated by auth cookies.

1. Did you try to upload something through standard upload button? Is it work?

2. What Image Uploader version do you use? Please try to test it with both Java and ActiveX versions.
Best regards,
Eugene Kosmin.
Aurigma Development Team
hyperlinked  
#3 Posted : Tuesday, April 29, 2008 12:29:16 PM(UTC)
hyperlinked

Rank: Advanced Member

Groups: Member
Joined: 4/24/2008(UTC)
Posts: 31

Do I need to do anything to have the cookies sent or are they automatically passed by the application? I'm using the Java version. I haven't tested to see how the ActiveX version behaves.

One thing that could potentially be an issue is that I'm using it on a server I set-up on my localhost.

Eugene Kosmin  
#4 Posted : Tuesday, April 29, 2008 5:23:11 PM(UTC)
Eugene Kosmin

Rank: Advanced Member

Groups: Member, Administration, Moderator
Joined: 9/19/2006(UTC)
Posts: 439

Was thanked: 22 time(s) in 22 post(s)
If your forum uses HTTP-only cookies, this could be a problem for Java IU.

You can read the related FAQ topic: PRB: Image Uploader for Java looses HTTP-only cookies.

If this is HTTP-only problem, ActiveX version will work fine, please try to test it.
Best regards,
Eugene Kosmin.
Aurigma Development Team
hyperlinked  
#5 Posted : Sunday, May 25, 2008 1:36:45 PM(UTC)
hyperlinked

Rank: Advanced Member

Groups: Member
Joined: 4/24/2008(UTC)
Posts: 31

I used the add cookie directive and it partially worked for me. The problem for me was that the forum software that it was uploading to took several passes at reading the session information from the post request. It would find the cookie based session_id initially, but by the last pass, the cookie's session_id would be lost and the upload would fail.

I was able to step around this issue by also including the session_id as a hidden input field in additional form fields I sent with my upload. If my application couldn't find its usual session_id, it would check to see if a session_id had been passed via a post request. If one was, then the session_id is checked and normal behavior continues if the ID checks out ok.

I just thought I'd add my resolution in case it helps someone else.
Users browsing this topic
Forum Jump  
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.