mountain

SWFUpload 302

关于 SWFUpload 在firefox (ff,火狐)下,报错 302,session,cookie

swfupload是flash采用socket和服务端进行通信了,所以服务端的session值或cookie值在这时候是捕获不到了。在默认的情况下ie是不存在获取不到seesion或cookie值的,然而对于firefox或chrome在dotnet环境下都是不能获取session和cookie值的。
       通过 Global.asax 文件你可以覆盖丢失的Session ID cookie,代码如下(引用官方解决方案):


void Application_BeginRequest(object sender, EventArgs e)
{
/* Fix for the Flash Player Cookie bug in Non-IE browsers.
* Since Flash Player always sends the IE cookies even in FireFox
* we have to bypass the cookies by sending the values as part of the POST or GET
* and overwrite the cookies with the passed in values.
*
* The theory is that at this point (BeginRequest) the cookies have not been ready by
* the Session and Authentication logic and if we update the cookies here we'll get our
* Session and Authentication restored correctly
*/

try
{
string session_param_name = "ASPSESSID";
string session_cookie_name = "ASP.NET_SESSIONID";

if (HttpContext.Current.Request.Form[session_param_name] != null)
{
UpdateCookie(session_cookie_name, HttpContext.Current.Request.Form[session_param_name]);
}
else if (HttpContext.Current.Request.QueryString[session_param_name] != null)
{
UpdateCookie(session_cookie_name, HttpContext.Current.Request.QueryString[session_param_name]);
}
}
catch (Exception)
{
}

try
{
string auth_param_name = "AUTHID";
string auth_cookie_name = FormsAuthentication.FormsCookieName;

if (HttpContext.Current.Request.Form[auth_param_name] != null)
{
UpdateCookie(auth_cookie_name, HttpContext.Current.Request.Form[auth_param_name]);
}
else if (HttpContext.Current.Request.QueryString[auth_param_name] != null)
{
UpdateCookie(auth_cookie_name, HttpContext.Current.Request.QueryString[auth_param_name]);
}

}
catch (Exception)
{
}
}
void UpdateCookie(string cookie_name, string cookie_value)
{
HttpCookie cookie = HttpContext.Current.Request.Cookies.Get(cookie_name);
if (cookie == null)
{
HttpCookie cookie1 = new HttpCookie(cookie_name, cookie_value);
Response.Cookies.Add(cookie1);
}
else
{
cookie.Value = cookie_value;
HttpContext.Current.Request.Cookies.Set(cookie);
}
}

Explaination: This code checks your POST (form) and GET (querystring) for a Session ID. If it finds one then it overrides the session cookie with the value from your POST/GET. Then later when the session is restored the overridden session is what you get (instead of IE's session or a brand new session which was what the bug was causing to happen).

The same sort of thing is done for the Forms Auth cookie, but I didn't actually go back and look at Forms Auth to see how it works to make sure this would work. And I didn't set the Forms Auth bit so it might not even work.

You just need to include a post_param in your SWFUpload page that passes in the session id. Something like:

var swfu = new SWFUpload({
/* lots of settings */
post_params : {
/* other post params */
"ASPSESSID" : "<%=Session.SessionID %>"
}
/* lots more settings */
});

Note: The overriding of the Forms Authentication cookie has not been tested but I think it should still work. Someone will have to let me know.

P.S. & Security Warning: Don't just copy and paste this code in to your ASP.Net application without knowing what you are doing. It introduces security issues and possibilities of Cross-site Scripting.

 

posted on 2011-01-05 14:54  Moutnainer  阅读(1296)  评论(0编辑  收藏  举报

导航