View Issue Details

ID: 0001679
Project: OXID eShop (all versions)
Category: 4.03. 3rd party libraries
View Status: public
Last Update: 2010-04-09 10:40
Reporter: aggrosoft
Assigned To:
Priority: normal
Severity: major
Reproducibility: always
Status: resolved
Resolution: fixed
Product Version: 4.2.0 revision 23610
Fixed in Version: 4.3.1 revision 27257
Summary: 0001679: It is impossible to maintain the session while uploading through flash
Description

The current session system relies on cookies for restarting the session - a flash client won't send any cookies if the request is done as an upload (using FileReference, all flash versions).

If you tell the flash movie to behave like a standard form and send the force_sid or force_admin_sid parameter the shop will create a new session as the user agent changes.

In earlier versions there was a remoteaccess parameter which made it possible to turn off some of these checks for a certain request.

One should be able to connect a flash movie to the store without faking the user agent - there should be some kind of function to prepare a special session key which allows for changed user agents.
Additional Information

I could supply a copy of our upload extension which relies on a workaround to get this to work.

Tags: No tags attached.
Theme:
Browser: All, FireFox 2.x, FireFox 3.x, Internet Explorer 8.x, Internet Explorer 7.x, Internet Explorer 6.x or older, Google Chrome, Apple Safari, Opera, other
PHP Version: any
Database Version: any

Activities

tomas_liubinas

2010-04-09 10:40

reporter   ~0002500

Due to security considerations we disabled the functionality based on the remoteaccess URL parameter. After fixing this bug there are two ways to access the shop remotely:

1. (Implemented earlier in 4.3.0) Add the trusted remote IP (the one from which you access the shop remotely) to the $this->aTrustedIPs array in the config.inc.php file.
2. (Applicable for this case) Add the correct remote access token to the rtoken URL parameter. The correct token can be obtained by the getter [{$oViewConf->getRemoteAccessToken()}] in templates.
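
A sketch of the kind of check the second option implies, added here as an illustration and not taken from OXID eShop's code: a session bound to the user agent is resumed from a different user agent only when the request carries the token issued for that session. Apart from rtoken, every name here (the functions, the session keys, the sample user agents) is an assumption made for the example.

```php
<?php
// Hypothetical sketch, not OXID eShop code. Only the rtoken parameter name
// comes from the issue; function names and session keys are assumptions.

/** Create (once per session) the token a template would embed in the upload URL. */
function issueRemoteAccessToken(array &$session): string
{
    if (empty($session['rtoken'])) {
        $session['rtoken'] = bin2hex(random_bytes(16)); // 128 bits from the CSPRNG
    }
    return $session['rtoken'];
}

/**
 * Decide whether a request may resume an existing session.
 * $session is the stored session data, $request the URL parameters.
 */
function mayResumeSession(array $session, array $request, string $userAgent): bool
{
    // Same user agent as at session start: the normal browser case.
    if (hash_equals($session['ua_hash'], hash('sha256', $userAgent))) {
        return true;
    }
    // User agent changed (for example a Flash upload): require the session's token.
    $supplied = $request['rtoken'] ?? '';
    $expected = $session['rtoken'] ?? '';
    // is_string() rejects rtoken[]=x style input; hash_equals() compares in constant time.
    return is_string($supplied) && $expected !== '' && hash_equals($expected, $supplied);
}

// Constructed sample data for the demonstration.
$browserUa = 'Mozilla/5.0 (constructed browser UA)';
$session   = ['ua_hash' => hash('sha256', $browserUa)];
$token     = issueRemoteAccessToken($session);

$cases = [
    'browser, same UA'      => [[], $browserUa],
    'flash, no token'       => [[], 'Shockwave Flash'],
    'flash, wrong token'    => [['rtoken' => str_repeat('0', 32)], 'Shockwave Flash'],
    'flash, array as token' => [['rtoken' => ['x']], 'Shockwave Flash'],
    'flash, correct token'  => [['rtoken' => $token], 'Shockwave Flash'],
];
foreach ($cases as $label => [$request, $ua]) {
    $result = mayResumeSession($session, $request, $ua) ? 'resume' : 'new session';
    printf("%-22s %s\n", $label, $result);
}
```

Because the token travels in a URL, it can end up in access logs and Referer headers, so it should be scoped to one session and treated as a secret for that session's lifetime.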