<<< Back to the TFU FAQ
22. How to change the session name
Some of you might use a different session name than the default one which is called PHPSESSID. This can be of security issues or if two independent sessions are used for different areas.
If you want that TFU does also use your session a few things have to be done:
- Use at least TFU 3.0
- Add the session name and session id in the page that calls the flash.
- Modify tfu_session.php like described below.
Quick start guide
To change the session name to e.g. "foo" please perform the following steps
- Add the session name to flash: tfu_3.0.swf?session_name=foo
- Optional: Add the session id to the flash: tfu_3.0.swf?session_name=foo&session_id=<?php echo session_id(); ?>.
- Uncomment line 19 in tfu_session.php and set session_name('foo');
- Replace 'TFUSESSID' with 'foo' in tfu_session.php in line 23 and 24.
First I want to explain why so much stuff ist needed. Lets assume you are already logged in your application with the session name 'foo'. Then a cookie does exist with the name foo and the session id in it. Normally this is sent with each request and everything is fine. You set the session name to foo in the application and the right session would be used.
So you might think if you would only do Step 3 of the guide above it actually should work. Unfortunatelly not all flash browser plugins (e.g. in Firefox) do send cookies properly with the upload request. So you would be able to go to a directory in TFU but when you upload the session is lost and you are logged out.
Like all flash upload solutions this raises the problem of session fixation. This is solved by using an additional random number and some internal checks on each request.