java swfupload 302_SWFUpload 302

swfupload是flash采用socket和服务端进行通信了，所以服务端的session值或cookie值在这时候是捕获不到了。在默认的情况下ie是不存在获取不到seesion或cookie值的，然而对于firefox或chrome在dotnet环境下都是不能获取session和cookie值的。

通过 Global.asax 文件你可以覆盖丢失的Session ID cookie,代码如下(引用官方解决方案)：

void Application_BeginRequest(object sender, EventArgs e)

{

/* Fix for the Flash Player Cookie bug in Non-IE browsers.

* Since Flash Player always sends the IE cookies even in FireFox

* we have to bypass the cookies by sending the values as part of the POST or GET

* and overwrite the cookies with the passed in values.

*

* The theory is that at this point (BeginRequest) the cookies have not been ready by

* the Session and Authentication logic and if we update the cookies here we'll get our

* Session and Authentication restored correctly

*/

try

{

string session_param_name = "ASPSESSID";

string session_cookie_name = "ASP.NET_SESSIONID";

if (HttpContext.Current.Request.Form[session_param_name] != null)

{

UpdateCookie(session_cookie_name, HttpContext.Current.Request.Form[session_param_name]);

}

else if (HttpContext.Current.Request.QueryString[session_param_name] != null)

{

UpdateCookie(session_cookie_name, HttpContext.Current.Request.QueryString[session_param_name]);

}

}

catch (Exception)

{

}

try

{

string auth_param_name = "AUTHID";

string auth_cookie_name = FormsAuthentication.FormsCookieName;

if (HttpContext.Current.Request.Form[auth_param_name] != null)

{

UpdateCookie(auth_cookie_name, HttpContext.Current.Request.Form[auth_param_name]);

}

else if (HttpContext.Current.Request.QueryString[auth_param_name] != null)

{

UpdateCookie(auth_cookie_name, HttpContext.Current.Request.QueryString[auth_param_name]);

}

}

catch (Exception)

{

}

}

void UpdateCookie(string cookie_name, string cookie_value)

{

HttpCookie cookie = HttpContext.Current.Request.Cookies.Get(cookie_name);

if (cookie == null)

{

HttpCookie cookie1 = new HttpCookie(cookie_name, cookie_value);

Response.Cookies.Add(cookie1);

}

else

{

cookie.Value = cookie_value;

HttpContext.Current.Request.Cookies.Set(cookie);

}

}

Explaination: This code checks your POST (form) and GET (querystring) for a Session ID. If it finds one then it overrides the session cookie with the value from your POST/GET. Then later when the session is restored the overridden session is what you get (instead of IE's session or a brand new session which was what the bug was causing to happen).

The same sort of thing is done for the Forms Auth cookie, but I didn't actually go back and look at Forms Auth to see how it works to make sure this would work. And I didn't set the Forms Auth bit so it might not even work.

You just need to include a post_param in your SWFUpload page that passes in the session id. Something like:

var swfu = new SWFUpload({

/* lots of settings */

post_params : {

/* other post params */

"ASPSESSID" : ""

}

/* lots more settings */

});

Note:The overriding of the Forms Authentication cookie has not been tested but I think it should still work. Someone will have to let me know.

P.S. & Security Warning: Don't just copy and paste this code in to your ASP.Net application without knowing what you are doing. It introduces security issues and possibilities of Cross-site Scripting.