Details
-
Improvement
-
Resolution: Fixed
-
Medium
-
4.1.0beta1
-
None
Description
There is a bug in flash / Firefox that is causing request (at least upload requests) to not include any cookie information, so PHP sessions are lost.
This stops the ezmultiupload extension from working when using Firefox against a siteaccess that forces login (admin siteaccess does this by default).
This issue is described several places on the net, and all places tend to recommend to add the session name + id to the url, basically SID constant in PHP.
But as PHP may or may not accept session by url depending on settings, we should instead fix this in our custom session handler, and for some extra security and to avoid conflicts with PHP session handler only allow by POST (and not GET) if session cookie is not set.
Attachments
Issue Links
- relates to
-
EZP-7239 Session-bug with cookieless browser (with fix)
- Closed