|
flash uploader session id security question
i have added a flash/javascript uploader to my joomla site.... the problem with flash is that it does not send the cookies..
look there Sharing sessions between html and flash - Het bijstere spoor this article proposes 4 solutions.... i have implemented the 3rd one... getting the session id by javascript... and i am sending the session id as POST with my flash uploader.... is it secure to do so?? for more details,this is how the uploader works - i construct my uploader with javascript specifying a property url(which is the url of the upload script(upload.php)... - the javascript construct the flash uploader... - i upload a file... the javascript calls a function upload in the flash uploader - the flash uploader uploads the file and execute the upload.php script...(without sending the cookies)... i was planning to write a function in javascript function getCookie(){ return document.cookie; } before my flash uploader uploads something it calls this js function to the the cookies and send these cookies as POST... is it really secured to do so?? if not what's the alternative...? |
| All times are GMT. The time now is 05:18 AM. |
Powered by vBulletin® Version 3.6.8
Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Search Engine Optimization by vBSEO 3.1.0