View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0001679 | OXID eShop (all versions) | 4.03. 3rd party libraries | public | 2010-03-03 16:35 | 2010-04-09 10:40 |
Reporter | aggrosoft | Assigned To | |||
Priority | normal | Severity | major | Reproducibility | always |
Status | resolved | Resolution | fixed | ||
Product Version | 4.2.0 revision 23610 | ||||
Fixed in Version | 4.3.1 revision 27257 | ||||
Summary | 0001679: It is impossible to maintain the session while uploading through flash | ||||
Description | The current session system relies on cookies for restarting the session - a flash client won't send any cookies if the request is done as an upload (using FileReference, all flash versions). If you tell the flash movie to behave like a standard form and send the force_sid or force_admin_sid parameter the shop will create a new session as the user agent changes. In earlier versions there was a remoteaccess parameter which made it possible to turn off some of these checks for a certain request. One should be able to connect a flash movie to the store without faking the user agent - there should be some kind of function to prepare a special session key which allows for changed user agents. | ||||
Additional Information | I could supply a copy of our upload extension which relies on a workaround to get this to work. | ||||
Tags | No tags attached. | ||||
Theme | |||||
Browser | All, FireFox 2.x, FireFox 3.x, Internet Explorer 8.x, Internet Explorer 7.x, Internet Explorer 6.x or older, Google Chrome, Apple Safari, Opera, other | ||||
PHP Version | any | ||||
Database Version | any | ||||
Due to security considerations we disabled functionality based on the remoteaccess URL parameter. After fixing this bug there are two ways to access the shop remotely:

1. (Implemented earlier in 4.3.0) Add the trusted remote IP (the one from which you access the shop remotely) to the $this->aTrustedIPs array in the config.inc.php file.
2. (Applicable for this case) Add the correct remote access token to the rtoken URL parameter. The correct token can be obtained by the getter [{$oViewConf->getRemoteAccessToken()}] in templates.
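
The two remote-access options from the note above, sketched as a session-resume check. This is an added example, not OXID eShop code: the function names, the session array layout and the sample values are assumptions for illustration; only `aTrustedIPs`, `rtoken` and the user-agent check come from the issue.

```php
<?php
// Added illustration with hypothetical names; this is not OXID eShop source code.

// Create (once per session) the random token a template would put in the upload URL.
function issueRemoteAccessToken(array &$session): string
{
    if (empty($session['rtoken'])) {
        $session['rtoken'] = bin2hex(random_bytes(16)); // 128 bits from the CSPRNG
    }
    return $session['rtoken'];
}

// Decide whether a request may resume an existing session.
function mayResumeSession(array $session, string $userAgent, string $remoteIp,
                          ?string $rtoken, array $trustedIps): bool
{
    if ($session['user_agent'] === $userAgent) {
        return true;                              // normal browser request
    }
    if (in_array($remoteIp, $trustedIps, true)) {
        return true;                              // way 1: trusted remote IP
    }
    // Way 2: user agent changed, so require the session's own token (constant-time compare).
    return is_string($rtoken) && !empty($session['rtoken'])
        && hash_equals($session['rtoken'], $rtoken);
}

// Constructed sample data.
$session    = ['user_agent' => 'Mozilla/5.0 (constructed browser UA)'];
$token      = issueRemoteAccessToken($session);
$trustedIps = ['192.0.2.10'];
$flashUa    = 'Shockwave Flash';                  // constructed upload-client UA

$cases = [
    'browser, same user agent'     => [$session['user_agent'], '198.51.100.7', null],
    'flash upload, no token'       => [$flashUa, '198.51.100.7', null],
    'flash upload, wrong token'    => [$flashUa, '198.51.100.7', str_repeat('0', 32)],
    'flash upload, valid rtoken'   => [$flashUa, '198.51.100.7', $token],
    'flash upload from trusted IP' => [$flashUa, '192.0.2.10', null],
];
foreach ($cases as $label => [$ua, $ip, $rt]) {
    $ok = mayResumeSession($session, $ua, $ip, $rt, $trustedIps);
    printf("%-30s %s\n", $label, $ok ? 'resume session' : 'start new session');
}
```

Because the token travels in a URL parameter, it can end up in access logs and Referer headers, so it is best served over HTTPS only and tied to the lifetime of the session.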