How do I get the visit module to get session ID from query string?
MattH
I'm trying to use a Flash 9 FileReference upload with a TG-based
server. The challenge is that the Firefox/Safari Flash player does not
provide the session cookie with a FileReference.Upload. The typical
workaround is to put the session id in the query string when I post
the file upload, but then I need TG / CherryPy to get the session id
from the URL instead of the cookie (which is either wrong or non-
existent).
Here's a link where this bug is discussed, along with a workaround for
PHP:
http://robrosenbaum.com/flash/using-flash-upload-with-php-symfony/
I've found workaround for PHP, Java, ASP, Ruby, etc, but not
CherryPy.
How do I get TG / CP to use the session ID from the URL if it's not in
the cookie?
Any help would be greatly appreciated.
Regards,
mh
Christopher Arndt
> How do I get TG / CP to use the session ID from the URL if it's not in
> the cookie?
I don't think this is supported by the TG Visit framework out of the
box. If you look at:
http://trac.turbogears.org/browser/branches/1.0/turbogears/visit/api.py#L201
you can see that the session ID is only looked for in the cookies.
Changing this without patching TG would probably require two things:
1) Providing your own VisitFilter class that patches the 'before_main'
method to retrieve the session ID from the request vars.
2) Replacing the original VisitFilter in the CherryPy filter chain
(cherrypy.root._cp_filters) with your own one. Something like:
if config.get("visit.on", False):
for i, filter in enumerate(cherrypy.root._cp_filters):
if isinstance(filter, turbogears.visit.api.VisitFilter):
cherrypy.root._cp_filters[i] = MyVisitFilter()
break
else:
cherrypy.root._cp_filters.append(MyVisitFilter())
I havn't tested it. If you try it out, please let us know, if it works ;)
Chris
MattH
was positive. We decided to put the session id inside a variable
within a POST form, and added a filter within __init__.py:
import turbogears.visit.api as visit_api
from cherrypy import request
VisitParamKey = 'tg_visit_key'
orgFilter = visit_api.VisitFilter.before_main
def before_main_vist_params(self):
if VisitParamKey in request.params:
cookies = request.simple_cookie
cookies[self.cookie_name] = request.params[VisitParamKey]
return orgFilter(self)
visit_api.VisitFilter.before_main = before_main_vist_params
So, it will use the session id within 'tg_visit_key' to override the
one in the cookie.
This workaround (or one like it) is essential for anyone who wants to
use Flash Player's FileReference.upload class along with TG / CherryPy
sessions.
Christopher Arndt
> Thanks Chris. We went a slightly different direction but the outcome
> was positive. We decided to put the session id inside a variable
> within a POST form, and added a filter within __init__.py:
>
> import turbogears.visit.api as visit_api
> from cherrypy import request
>
> VisitParamKey = 'tg_visit_key'
>
> orgFilter = visit_api.VisitFilter.before_main
>
> def before_main_vist_params(self):
> if VisitParamKey in request.params:
> cookies = request.simple_cookie
> cookies[self.cookie_name] = request.params[VisitParamKey]
> return orgFilter(self)
>
> visit_api.VisitFilter.before_main = before_main_vist_params
Ok, so you monkey-patches VisitFilter.before_main, which is also a valid
approach, of course. Good to hear that this worked for you!
Do you reckon, one would need that patch for this flash upload recipe too?
http://digitarald.de/project/fancyupload/2-0/showcase/photoqueue/
Chris
MattH
> Ok, so you monkey-patches VisitFilter.before_main, which is also a valid
> approach, of course. Good to hear that this worked for you!
>
> Do you reckon, one would need that patch for this flash upload recipe too?
>
> http://digitarald.de/project/fancyupload/2-0/showcase/photoqueue/
>
> Chris
_any_ Flash-based uploader, which includes fancy upload. I'm using
SWFUpload, but they are similar. You will also need to add the patch
that handles Flash's malformed MIME header. It seems that Flash does
not terminate the header with a CRLF so CherryPy will timeout waiting
for it. The patch (which is in the CherryPy repo) uses the byte count
field to terminate.
One other thing to look out for is that Flash 10 had a different
security model and it breaks any uploaders that use an HTML button to
trigger a Flash upload function. So, we'll all need to use little
flash movies for the upload button. I don't know if FancyUpload does
that or not.
The upside of Flash 10 is that we should be able to pull the photos
into the Flash Player, scale to screen resolution, re-compress to JPEG
and then only send the smaller JPEG to the server. This will cut the
per file upload time and bandwidth substantially.
Good Luck!
Christopher Arndt
> You will need this kind of patch to enable CherryPy sessions with
> _any_ Flash-based uploader, which includes fancy upload.
I think we should add a patch to TG's visit module then to support
getting the session ID from the request params (if switched on in the
config). I have opened a ticket for this:
http://trac.turbogears.org/ticket/1927
> You will also need to add the patch
> that handles Flash's malformed MIME header. It seems that Flash does
> not terminate the header with a CRLF so CherryPy will timeout waiting
> for it. The patch (which is in the CherryPy repo) uses the byte count
> field to terminate.
For reference, this the ticket with the patch:
http://cherrypy.org/ticket/648
Since the CherryPy 2.x branch does not have this patch, we should
consider adding this filter on our own in the TurboGears startup code.
Chris
Chris Arndt
> I think we should add a patch to TG's visit module then to support
> getting the session ID from the request params (if switched on in the
> config). I have opened a ticket for this:
>
> http://trac.turbogears.org/ticket/1927
Please test.
Should be easy to backport to Tg 1.0 as well.
Chris