CodeIgniter + uploadify + Session Cookie (Flash)

The solution:
This guide has been written for CI 2.1.0, it can easily be edited for prior versions.

-In later versions of uploadify post_params in JavaScript may be replaced by formData

1. Extend CI_Session
Create a MY_Session.php under /application/libraries or extend your own one. Copy the whole sess_read() function from /system/libraries/Session.php and paste it into your newly created MY_Session.php.


$session $this->CI->input->cookie($this->sess_cookie_name); 


if (isset($_POST['browser_cookie']))
$enc_key $this->CI->config->item('encryption_key');
$session trim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256$enc_keybase64_decode($_cookie), MCRYPT_MODE_ECBmcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256MCRYPT_MODE_ECB), MCRYPT_RAND)));
else {

2. Session Library Setup
Setup your Session Library properly (add an encryption_key in your config.php) and enable table based sessions as well as disable sess_match_useragent in config.php (important!)

3. In your view where uploadify is embedded, you will have to append post params to your upload function. Here is a sample code:

uploader'/objects/upload_images/' object_id,
post_params{"browser_cookie""<?= trim(base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $this->config->item('encryption_key'), $_COOKIE[$this->config->item('sess_cookie_name')], MCRYPT_MODE_ECB, mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB), MCRYPT_RAND)))); ?>"},
onUploadSuccess: function(filedataresult){
//do something useful

This has to be parsed by your PHP parser in order to fill the values. You could also just declare a variable like

var browser_cookie = “<?= trim…....... ?>”

and just load this global variable in your upload function.

4. How does it work?
Basically it generates an encrypted version of your session cookie and posts it to your server. As you have already modified the session class, it recognizes that your session cookie has been sent via post and is using this instead. Basically it’s just a simulation of what the browser would do if it wasn’t Flash.

5. Conclusion and caveats
If CI Basis is updated, don’t forget to update your MY_Session as well. It is just ensuring that.

Make sure that your cookie is valid before sending the files to your server. Otherwise you could raise the value of “sess_time_to_update” in your config.php.

출처 :


+ Recent posts