Re-starting a joomla session (1.0.x)

Have a programming question regarding your component, plug-in, extension or core hacks? Have an interesting tidbit, FAQ or programming tip you’d like to share? This is the place for you.

Moderators: tjay, seadap, Rogue4ngel, matthewhayashida

Post Reply
ford
Joomla! Fledgling
Joomla! Fledgling
Posts: 4
Joined: Thu Aug 18, 2005 11:45 am

Re-starting a joomla session (1.0.x)

Post by ford » Wed Oct 24, 2007 8:12 pm

I'm developing a component that allows upload of pictures via a flash plugin. I tried to get some of my questions anwered in another a subforum without luck, so I'll try to narrow it down a little bit.

When uploading the file, the flash plugin does not transmit session/cookie data so there is no way by default to detect who is doing what. So I need some other method of keeping check on sessions.

What I have been doing is using the following function (from Virtuemart) to get the current session id stored in #__session table:

Code: Select all

function getSessionId() {

global $mainframe;

if( is_callable( array( 'mosMainframe', 'sessionCookieName')))
   {         
      // Joomla >= 1.0.8
      $sessionCookieName = mosMainFrame::sessionCookieName();
      $sessionCookie = mosGetParam( $_COOKIE, $sessionCookieName, null );
      return mosMainFrame::sessionCookieValue( $sessionCookie );
   }
elseif( is_callable( array('mosSession', 'getCurrent' )))
   {
      // Mambo 4.6
      $session =& mosSession::getCurrent();
      return $session->session_id;
   }
elseif( !empty( $mainframe->_session->session_id ))
   {
      // Mambo <= 4.5.2.3 and Joomla <= 1.0.7
      return $mainframe->_session->session_id;
   }
}


I transmit the md5() of this value along with the user id in the calling URL and on the receiving end check them against the md5 of the session value and userid stored in the #__session table. If they match up, then this user is logged in, and processing can continue.

The above method that I have developed works fine in Firefox, Opera and Safari, but not in IE. Does anyone know why?? For some reason, IE logs you out after you have uploaded the file(s). My question is:

1) Is there a way to restart a session?
2) What information is needed to do this, and where do I find it?

Ford
Last edited by ford on Wed Oct 24, 2007 8:15 pm, edited 1 time in total.

User avatar
spignataro
Joomla! Apprentice
Joomla! Apprentice
Posts: 37
Joined: Thu Aug 18, 2005 3:31 pm
Location: Battle Creek, MI
Contact:

Re: Re-starting a joomla session (1.0.x)

Post by spignataro » Fri Oct 26, 2007 1:14 pm

I to am having the same problem - almost to T and we are having issues with IE as well and not other browsers. We are using Joomla! 1.0.13

Kindest regards,
Steven Pignataro
-- Professional Illusionists - http://www.TheMirrorImages.com
-- Accessibility Experts - http://www.corePHP.com
'corePHP' - Reaching places you just can't get alone.

User avatar
spignataro
Joomla! Apprentice
Joomla! Apprentice
Posts: 37
Joined: Thu Aug 18, 2005 3:31 pm
Location: Battle Creek, MI
Contact:

Re: Re-starting a joomla session (1.0.x)

Post by spignataro » Fri Oct 26, 2007 4:21 pm

Figured it out - You will want to lower your Session Authentication Method to level 1 - worked for me although i changed the code for this on line 923 to:

Code: Select all

$md5 = md5( $id . $_SERVER['REMOTE_ADDR'] );
$value = $md5;



hope that helps you.

Kindest regards,
Steven Pignataro
-- Professional Illusionists - http://www.TheMirrorImages.com
-- Accessibility Experts - http://www.corePHP.com
'corePHP' - Reaching places you just can't get alone.

ford
Joomla! Fledgling
Joomla! Fledgling
Posts: 4
Joined: Thu Aug 18, 2005 11:45 am

Re: Re-starting a joomla session (1.0.x)

Post by ford » Mon Nov 26, 2007 1:39 pm

True. Setting Session Authentication Method to Level 1 does seem to solve the issue for IE users.

But certainly, there must be some sort of way to restart the session for levels 2 and 3?

Ford

ford
Joomla! Fledgling
Joomla! Fledgling
Posts: 4
Joined: Thu Aug 18, 2005 11:45 am

Re: Re-starting a joomla session (1.0.x)

Post by ford » Thu Nov 29, 2007 9:37 am

Hm.

I solved the problem with a work-around. I simply created a separate, non-Joomla file (receiver.php) to receive the incoming files. This prevents IE users from being logged out when using authentication levels 2 and 3.

To make sure that this isn't a spoofed request to receiver.php, I had to create some sort of string uniquely identifying the user and store it as a $_SESSION value before sending the files. An encrypted hash of this string was then transmitted when uploading files. To maintain sessions in receiver.php, I also transmitted the session cookie (PHPSESSID) along with the encrypted hash.

In receiver.php, I restarted the session like this:

Code: Select all

// set session id from cookie passed in accessing URL
session_id($_GET['SESSID']);
session_start();
// get the txuid
$txuid = $_GET['txuid']
// now decrypt the passed URL user identifier and compare it with the $_SESSION stored value
....


Maybe somebody can decipher what I wrote and find it useful
Last edited by ford on Thu Nov 29, 2007 9:51 am, edited 1 time in total.


Post Reply