Cookie issue

[vlad]

I'm configuring the applet, trough the "cookiename" and "cookievalues" params, to include a cookie that preserves the PHP session. Everything works fine for the first uploaded file, however, on the second request the applet sends two "Cookie" headers, because the server sent a cookie back in the first HTTP response:

1st request:

Code: Select all

[DEBUG] header - >> "Cookie: PHPSESSID=82c223c703393ab3729cfedd984b2eeb[\r][\n]"

1st response:

Code: Select all

[DEBUG] header - << "Set-Cookie: language=english; expires=Fri, 20-Feb-2009 20:16:48 GMT; path=/[\r][\n]"

2nd request:

Code: Select all

[DEBUG] header - >> "Cookie: PHPSESSID=82c223c703393ab3729cfedd984b2eeb[\r][\n]"
[DEBUG] header - >> "Cookie: language=english[\r][\n]"

2nd response:

Code: Select all

[DEBUG] header - << "HTTP /1.0 401 Unauthorized[\r][\n]"

-> PHPSESSID missing

If the applet is trying to send back the received cookies, it should at least join the data under a single "Cookie" header. Although the 2109 RFC doesn't seems to limit the use of this header, I can certainly tell from practice that Apache ignores the first header in favor of the second.

[support]

Could you try to pass PHPSESSION in URL instead ?

[vlad]

Could you try to pass PHPSESSION in URL instead ?

That would be the partial solution that I'm using now. The problem is, some of the servers that I tried to deploy JFileUpload on, have PHP configured with "session.use_only_cookies" to "On", to increase the security.
Also, a couple of servers require a special cookie (usually named something like "X-Mapping-caklakng") to keep the session between multiple servers in a load balancing system.
Improving the cookie support will increase the number of supported server configurations.