0

I'm using a flash component in my symfony2 application which uploads multiple images, and when they reach the server I want to re-open the session so that I can store the image in a location relative to the logged in user. I am sending the PHP session ID with each file upload...

In vanilla PHP I can achieve this along the lines of...

session_id($originalSessionId);
session_start();

but is there a symfony2 way of doing this using the security context?

EDIT: This is a similar question, although I want to maybe create some kind of token based login by passing a token and securing the upload URL with a separate firewall.

Improve this question

4 Answers 4

Reset to default
6

First, you need to create your own session storage class like the following:

<?php
namespace Elao\BackBundle\Session;
use Symfony\Component\DependencyInjection\ContainerInterface;
use Symfony\Component\HttpFoundation\SessionStorage\NativeSessionStorage;

class Storage extends NativeSessionStorage
{
    public function __construct(array $options = array(), ContainerInterface $container)
    {
        $request = $container->get('request');
        if ($request->query->has('sessionId')) {
            $request->cookies->set(session_name(), 1);    // We have to simulate this cookie, in order to bypass the "hasPreviousSession" security check
            session_id($request->query->get('sessionId'));
        }
        return parent::__construct($options);
    }
}

Then, you must redefine the default one (in your config.yml for example):

parameters:
    session.storage.native.class: ElaoBackBundleSessionStorage
services:
    session.storage.native:
        class:     %session.storage.native.class%
        arguments: [%session.storage.options%, @service_container]
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Hey there, is there a solution for today's version of symfony2 please, this one seems to be not working anymore :)
2

I ran into the same issue when using SWFUpload to allow for multiple-file uploads. What I did was modified app[_dev].php:

if (array_key_exists(ini_get('session.name'), $_GET)) {
    $_COOKIE[ini_get('session.name')] = $_GET[ini_get('session.name')];
}

In the view, I set the upload url to 

{{ path('...') }}?{{ session.name }}={{ session.value }}

And in the controller calling this view,

return $this->render('...html.twig', array(
    'session' => array(
        'name' => ini_get('session.name'),
        'value' => session_id(),
    ),
));

Hope this helps!

Improve this answer

Comments

1

As you probably know Symfony routes all requests to app or app_dev.php. I would add a rewrite rule for the upload page to a new php file, here if the session id is in the $_GET variables set it as a $_COOKIE then include app.php or app_dev.php.

You could also save the files, on success have the user send an ajax call to the server which than associates those files with the user.

Let me know if you figure out a solution that is less of a hack.

Improve this answer

Comments

-1

Why do you want this? Session id should be the same when user uploads images and when he is redirected to the page, that process them. Symfony autostarts your session usually.

Improve this answer

2 Comments

Flash doesn't send your session cookie
see this: stackoverflow.com/questions/1006758/…

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.