Session is different if flash uploads photo to the

2019-07-29 16:37发布

问题:

I have a aspx called user-photo-upload.aspx and another aspx called get-photo.aspx. I set the Session["PhotoId"] in the page_load method of user-photo-upload.aspx.

If I visit the user-photo-upload.aspx through the browser normally, the session can be retrieved in get-photo.aspx. But if the flash uploads photo to the user-photo-upload.aspx page, I can't get the Session["PhotoId"] in get-photo.aspx.

I discover that the Session ID is different when visiting the page using browser normally or by flash. I don't know why flash uses another session.

What should I do?

回答1:

The Flash plugin acts as a separate client, so both the browser and the plugin receiving individual session IDs is the expected behavior.

You will have to work around this by setting the original session ID as a variable in the Flash movie, either as a FlashVar or via JavaScript, then sending it as a GET parameter to the server along with the first request issued, and replacing the new ID created for the Flash client with the one that was given to the server.

This question relates to the same problem in Java, perhaps it can help you to solve your problem.



回答2:

We had the same problem with a Flash Uploader. This is how we solved it...

(1) We added a new parameter session_id to the client side init code of the Flash Uploader:

<script type="text/javascript"> 
   var swfu<%=RandomId %>;
   $(document).ready(function() {
      swfu<%=RandomId %> = new SWFUpload({
    // Backend Settings
    upload_url: "./picupload.aspx",
    post_params : {                    
         "PictureCategory" : "<%= EncryptedPictureCategory() %>",
         "picture_id": "<%= EncryptedPictureId() %>",
         "session_id": "<%= HttpContext.Current.Session.SessionID %>"
     },
     // *snip* ...
</script>

(2) We altered our Session_Start method in Global.asax.cs to accept Session IDs from the request:

protected void Session_Start(Object sender, EventArgs e)
{
    if (Request["session_id"] != null)
    {
        bool isRedirected, isCookieAdded;
        string oldSessionId = Request["session_id"];
        SessionIDManager manager = new SessionIDManager();
        manager.RemoveSessionID(HttpContext.Current);
        manager.SaveSessionID(HttpContext.Current, oldSessionId, out isRedirected, out isCookieAdded);
    }
    else
    {
        Response.Redirect(LoginPagePath);
    }
}