Solve the Problem of swfupload in chrome, Firefox and other browsers

swfupload is a very good asynchronous upload component, but it may cause problems when used in browsers such as chrome and Firefox. The problem is as follows: to avoid skipping the upload page and directly sending "general processing of swfupload upload accepted Program " (for example, upload. the webshell vulnerability occurs when a request is sent. ashx implements permission control. Only login users can upload data. There is no problem in IE, but the error "user is not logged on" is reported when running in chrome ".

after searching, it is found that swfupload is uploaded by flash, flash sends the cookie of the current page to upload in IE. ashx, but chrome and Firefox do not send the cookie of the current page to upload. ashx. because session is implemented by the sessionid saved in the cookie (Asp. the net video tutorial describes the relationship between sessions and cookies. If you are not familiar with this, refer to "Chuan Zhi podcast video tutorial version 2011: Asp. net, so that the current page cookie will not be passed to the Flash Request Upload. ashx, so the requested file is sent to upload. ashx is a new session. Of course, this session is not logged on.

The idea for solving this problem is also very simple, that is, manually passing the sessionid to the server, then the server reads the sessionid and loads the session. In fact, the solution to the problem has been provided in the swfupload demo, that is, to set the post_params parameter in the swfupload constructor:

 
Swfu =NewSwfupload ({
//Backend settings
Upload_url: "/upload. ashx ",
Post_params :{
"Aspsessid": "<% = session. sessionid %> "},
 

 

The key-value pairs set in post_params are passed to upload. ashx in form, that is, swfupload provides an interface for adding custom request parameters to requests. The above Code Write the sessionid of the current page to the aspsessid value. After the user uploads the file, the aspsessid will be passed to the server. Add the following code to application_beginrequest of Global. asax:

             VaR Request = httpcontext. Current. request;
 VaR Response = httpcontext. Current. response;
 /* Fix the Flash Player cookie bug in non-ie browsers.
* Since flash player always sends the IE cookies even in Firefox
* We have to bypass the cookies by sending the values as part of the post or get
* And overwrite the cookies with the passed in values.
*
* The theory is that at this point (beginrequest) the cookies have not been read
* The session and authentication logic and if we update the cookies here we'll get our
* Session and authentication restored correctly
  */ 

 Try 
{
 String Session_param_name = " Aspsessid  " ;
 String Session_cookie_name = "  ASP. net_sessionid  " ;

 If (Httpcontext. Current. Request. Form [session_param_name]! = Null )
{
Updatecookie (session_cookie_name, httpcontext. Current. Request. Form [session_param_name]);
}
 Else  If (Httpcontext. Current. Request. querystring [session_param_name]! = Null )
{
Updatecookie (session_cookie_name, httpcontext. Current. Request. querystring [session_param_name]);
}
}
 Catch (Exception)
{
Response. statuscode = 500 ;
Response. Write ( "  Error initializing session " );
}

The updatecookie method is defined as follows:

         Static   Void Updatecookie ( String Cookie_name, String Cookie_value)
{
Httpcookie cookie = httpcontext. Current. Request. Cookies. Get (cookie_name );
 If (Cookie = Null )
{
Cookie =New Httpcookie (cookie_name );
 //  The code in the swfupload demo has a problem. You need to add the cookie. expires setting.  
 Cookie. expires = datetime. Now. addyears ( 1 );
Httpcontext. Current. Request. Cookies. Add (cookie );
}
Cookie. value = cookie_value;
Httpcontext. Current. Request. Cookies. Set (cookie );
}

 

principle: when a user request arrives at ASP. the application_beginrequest method is called first when the net engine is used. In the method, check whether the client has submitted the aspsessid. If so, writes the value of aspsessid to the cookie (using "ASP. net_sessionid "is Key, because ASP. the sessionid is saved in ASP. NET. net_sessionid "in the cookie with the key) . After application_beginrequest, you can read" ASP. the value of net_sessionid is restored to the session on the page.

If the website still uses the formsauthentication verification of membership, you also need to process the authid according to the sessionid method,This is the case when talking about swfupload.Article.

Set the post_params parameter in the swfupload constructor:

Swfu =NewSwfupload ({
//Backend settings
Upload_url: "/adminht/uploadarticleimg. ashx ",
Post_params :{
"Aspsessid": "<% = session. sessionid %> ",
"Authid": "<% = request. Cookies [formsauthentication. formscookiename]. Value %>"
},
 

 

Add the following code to application_beginrequest of Global. asax:

             Try 
{
 String Auth_param_name = "  Authid " ;
 String Auth_cookie_name = formsauthentication. formscookiename;

 If (Httpcontext. Current. Request. Form [auth_param_name]! = Null )
{
Updatecookie (auth_cookie_name, httpcontext. Current. Request. Form [auth_param_name]);
}
 Else   If (Httpcontext. Current. Request. querystring [auth_param_name]! = Null )
{
Updatecookie (auth_cookie_name, httpcontext. Current. Request. querystring [auth_param_name]);
}

}
 Catch (Exception)
{
Response. statuscode = 500 ;
Response. Write ( "  Error initializing Forms authentication  " );
}