07-26-2008, 10:23 PM
johndoe123
flash uploader session id security question

I have added a Flash/JavaScript uploader to my Joomla site... The problem with Flash is that it does not send the cookies.

look there
Sharing sessions between html and flash - Het bijstere spoor

This article proposes 4 solutions... I have implemented the 3rd one: getting the session ID by JavaScript, and I am sending the session ID as POST with my Flash uploader. Is it secure to do so?

For more details, this is how the uploader works:
- I construct my uploader with JavaScript, specifying a property url (which is the URL of the upload script, upload.php).
- The JavaScript constructs the Flash uploader.
- I upload a file. The JavaScript calls a function upload in the Flash uploader.
- The Flash uploader uploads the file and executes the upload.php script (without sending the cookies).

I was planning to write a function in JavaScript:

function getCookie(){
    return document.cookie;
}

Before my Flash uploader uploads something, it calls this JS function to get the cookies and sends these cookies as POST.

Is it really secure to do so? If not, what's the alternative?
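
One alternative to posting the session ID, as an added example that is not part of the original post: the page that embeds the uploader issues a short-lived HMAC-signed token that is valid only for uploads, and upload.php checks it, so a leaked token does not expose the whole session. The names issueUploadToken, verifyUploadToken, $secret and $userId are assumptions for illustration.

```php
<?php
// Added example: a short-lived, upload-only token instead of the raw session ID.
// Assumptions (not from the post): $secret is a key kept on the server, $userId
// is the logged-in user's ID; both function names are hypothetical.

// Called while rendering the page that embeds the uploader (session cookie present).
// The random nonce makes every token unique; enforcing single use would
// additionally need a server-side record of tokens already spent.
function issueUploadToken(string $secret, int $userId, int $ttl = 300): string
{
    $payload = implode('|', ['upload', $userId, time() + $ttl, bin2hex(random_bytes(16))]);
    return bin2hex($payload) . '.' . hash_hmac('sha256', $payload, $secret);
}

// Called in upload.php on the POSTed token. Returns the user ID, or null if invalid.
function verifyUploadToken(string $secret, string $token, ?int $now = null): ?int
{
    $parts = explode('.', $token);
    if (count($parts) !== 2 || !ctype_xdigit($parts[0]) || strlen($parts[0]) % 2 !== 0) {
        return null;
    }
    $payload = hex2bin($parts[0]);
    // Constant-time comparison of the MAC before trusting any field.
    if (!hash_equals(hash_hmac('sha256', $payload, $secret), $parts[1])) {
        return null;
    }
    $fields = explode('|', $payload);
    if (count($fields) !== 4 || $fields[0] !== 'upload') {
        return null;
    }
    [, $userId, $expires] = $fields;
    if (!ctype_digit($userId) || !ctype_digit($expires) || (int)$expires < ($now ?? time())) {
        return null;
    }
    return (int)$userId;
}

// Constructed demo values.
$secret = 'constructed-demo-key';
$token  = issueUploadToken($secret, 42);
var_dump(verifyUploadToken($secret, $token));                 // fresh token
var_dump(verifyUploadToken('wrong-key', $token));             // MAC mismatch
var_dump(verifyUploadToken($secret, $token, time() + 3600));  // past its expiry
```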