开发者

Cakephp Session lost in Flash player

Just want to know if anyone have the same problem.

The website need to login to perform certain task. We use stock Auth component to do the job.

Everything is fine until it hits an interface which build in Flash. Talking to Amf seems fine. But when the Flash player try to talk to other controller - got redirect because the session in not presented.

So basically when a user login - I need to somehow find a way to login the Flash player in as well.


ADDITION: This only solve half of the problem.

Backtrack a little bit. How the Auth components evaluate the requester?

If the Session.checkAgent is true. They check if its the last one. So Flash has no chance they have a different Agent string.

OK now - Auth check them out - what? The Session cookie they store earlier ... so fail again.

UPDATE

Thanks for all the answers.

I have tried the suggested solution. Only one problem.

开发者_如何转开发I am using Amf (as Cakephp Plugins) when I tried to test if the $this->params['actions'] is start with amf - it works sometime doesn't work sometime. Looking at "Charles" I can see they all call to the amf controller. Very puzzling ....


in config/core.php try

Configure::write('Session.checkAgent', false);


It appears that if you manage to call your Session->id($sessionId) before any call to Session->read(), Session->check() or Session->write(), you don't need to bother with all the destroy old session, update userAgent and delete cookie stuff.


use this in beforeFilter action of your controllere called by flash:

if ($this->action == 'flashCalledAction') {
    Configure::write('Security.level', 'medium');
    //Using instead the session specified
$this->Session->destroy();
$this->Session->id($_REQUEST['sessionId']);
$this->Session->start();

// We revert to the original userAgent because starting a new session modified it
$this->Session->write('Config.userAgent', $_REQUEST['userAgent']);
// We delete the flash cookie, forcing it to restart this whole process on each request
setcookie(Configure::read('Session.cookie'), '', time() - 42000, $this->Session->path);         
    }

then you have to pass these 2 params in each flash call to this controller:

param: 'userAgent' -> value: '$this->Session->read('Config.userAgent')' 
param: 'sessionId' -> value: $this->Session->id()   


http://blogs.bigfish.tv/adam/2008/04/01/cakephp-12-sessions-and-swfupload/

This is specifically for swfUpload but the process of appending the session_id to the urls and the settings for checkAgent and session security are covered and should help point you in the right direction.


Flash doesn't send the cookie along with its requests, that's why Cake doesn't log it in. The way I do it is: you need to somehow pass $this->Session->id() along with your flash requests. That is probably the hardest part because some flash application doesn't let you tag some info along in the request. Then write a component (FlashComponent, or whatever you want to call it) that check if it's a flash request, then look for the session id in its request and set the session id. You need to include this component before 'Auth': so var $components = array('Flash','Auth',...) to intercept the request before Auth does.

Or you can set Auth->allow list, but then you will expose these actions to non-authorization, and the action won't know who the current logged in user is (unless you can pass something in the flash request, in that case, use my first solution).

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜