Re-starting a joomla session (1.0.x)

[ford]

I'm developing a component that allows upload of pictures via a flash plugin. I tried to get some of my questions anwered in another a subforum without luck, so I'll try to narrow it down a little bit.

When uploading the file, the flash plugin does not transmit session/cookie data so there is no way by default to detect who is doing what. So I need some other method of keeping check on sessions.

What I have been doing is using the following function (from Virtuemart) to get the current session id stored in #__session table:

Code: Select all

function getSessionId() {

global $mainframe;

if( is_callable( array( 'mosMainframe', 'sessionCookieName')))
	{			
		// Joomla >= 1.0.8
		$sessionCookieName = mosMainFrame::sessionCookieName();
		$sessionCookie = mosGetParam( $_COOKIE, $sessionCookieName, null );
		return mosMainFrame::sessionCookieValue( $sessionCookie );
	}
elseif( is_callable( array('mosSession', 'getCurrent' )))
	{
		// Mambo 4.6
		$session =& mosSession::getCurrent();
		return $session->session_id;
	}
elseif( !empty( $mainframe->_session->session_id ))
	{
		// Mambo <= 4.5.2.3 and Joomla <= 1.0.7
		return $mainframe->_session->session_id;
	}
}

I transmit the md5() of this value along with the user id in the calling URL and on the receiving end check them against the md5 of the session value and userid stored in the #__session table. If they match up, then this user is logged in, and processing can continue.

The above method that I have developed works fine in Firefox, Opera and Safari, but not in IE. Does anyone know why?? For some reason, IE logs you out after you have uploaded the file(s). My question is:

1) Is there a way to restart a session?
2) What information is needed to do this, and where do I find it?

Ford

[spignataro]

I to am having the same problem - almost to T and we are having issues with IE as well and not other browsers. We are using Joomla! 1.0.13

Kindest regards,

[spignataro]

Figured it out - You will want to lower your Session Authentication Method to level 1 - worked for me although i changed the code for this on line 923 to:

Code: Select all

$md5 = md5( $id . $_SERVER['REMOTE_ADDR'] );
$value = $md5; 

hope that helps you.

Kindest regards,

[ford]

True. Setting Session Authentication Method to Level 1 does seem to solve the issue for IE users.

But certainly, there must be some sort of way to restart the session for levels 2 and 3?

Ford

[ford]

Hm.

I solved the problem with a work-around. I simply created a separate, non-Joomla file (receiver.php) to receive the incoming files. This prevents IE users from being logged out when using authentication levels 2 and 3.

To make sure that this isn't a spoofed request to receiver.php, I had to create some sort of string uniquely identifying the user and store it as a $_SESSION value before sending the files. An encrypted hash of this string was then transmitted when uploading files. To maintain sessions in receiver.php, I also transmitted the session cookie (PHPSESSID) along with the encrypted hash.

In receiver.php, I restarted the session like this:

Code: Select all

// set session id from cookie passed in accessing URL
session_id($_GET['SESSID']);
session_start();
// get the txuid
$txuid = $_GET['txuid']
// now decrypt the passed URL user identifier and compare it with the $_SESSION stored value
....

Maybe somebody can decipher what I wrote and find it useful