Flash file upload (FileReference) and CF sessions

Report · Apr 11, 2011

Hi,

We have CF8 on top of IIS6. Our CF application requires user authentication (session based). Our CF application offers users ability to upload files with a Flash AS3 SWF application (using FileReference class).

However, when uploading files with the SWF, the current session is not maintained in browsers other than IE. Because our CF application requires authentication this leads to uploading failing (upload page is automatically redirected to login page, as per CF application settings) on all browsers other than IE.

Is there a solution to make Flash Player uploading retain the session? It retains the session with all other interactions (file downloading, Flash Remoting etc.).

The only solution I can think of is doing the uploading with regular HTML, but it doesn't offer all the information and interactivity provided by Flash.

Report · Apr 12, 2011

I guess there isn't and that it's just a "bug" in the ActiveX (IE) Flash Player plugin that it shares the session with uploads done using the AS3 FileReference class.

I'm planning to hack around the problem this way:

- Make an exception for the file upload page in the Application.cfc, so that it doesn't require authenticated session

- Make the uploader SWF first make a Remoting call that receives a unique key for the file upload (also stored on the server in a database)

- The upload page also receives this unique key, usable only once, from the SWF uploader as a parameter and checks from the database the user credentials and that the key is still valid (some manual timeout system)

Another possible hack would be to first load the file into a ByteArray in Flash and then pass that byte data as a POST parameter, but it would require 10.x plugin.

Does anyone know a reason why the "hack" wouldn't work or what complications might follow?

It's hard for me to see what is the point with this FileReference "feature".