I'm developing a web-site, that uses SWFUpload for
multiple files upload to the server. Page, that uploades files, is
accessable only to registered user. Authentication is done via
web-forms (authentication mode="Forms" in Web.config). Flash uploades
files to special web page - upload.aspx. In IE everything works great,
but Flash player in non-IE browser (in Firefox, for example) does not
send any cookies to upload.aspx. Because of it no sesion and no
authentication information is available in this page.
I can pass
all the information, necessary for uploading, in GET-parameters, which
upload.aspx recieve. But this is a serious security hole and I don't
want to expose session information. I can pass session identifier in
GET-request. But the question is the following: how can I restore
session information from the session identifier? How can I make
HttpContext.Current.User point to currently logged in user in this case?
Any help will be appreciated.
View Complete Post