You're right.  The string that's being passed along is not the real
sessionID.
I'm relying on swfupload to put the sessionID into the form.  The
swfupload plugin that I'm using says that it "automatically collects
the cookies from the browser and adds them to the post_params."

Passing in the sessionID myself, it seems to work.

Thanks Ben!

We'll have to find some way to make this less vulnerable though.

On Jun 27, 5:14 pm, Ben Bangert <[EMAIL PROTECTED]> wrote:
> On Jun 27, 2008, at 1:42 PM, k7lim wrote:
>
> > I'm starting to get the hang of this.  However, I'm getting None back
> > for my get_by_id(sessionID) call.  My hunch is that the reason is
> > something else you stated: I'm not actually passing the sessionID, as
> > I'd assumed.  I'm passing a long hex string (len is 72).  Perhaps this
> > is the hash that you'd mentioned?   Re-reading the swfupload docs,
> > it's passing the contents of the cookie as a param.
>
> You're probably not putting the real session ID into the form. The  
> session id can be pulled from an existing session with session.id, how  
> are you putting the session ID into the form used?
>
> > Also, I'm breaking on this line:
> > pylons.request.environ['pylons.pylons']  it's saying no such key...
> > hmmm
>
> Ah, that's 0.9.7 only, so you can ignore that section.
>
> > I put the code you specified in the __before__ method of my
> > basecontroller, because you said it had to come as early as
> > possible...
>
> If you have a __before__ in any of your other classes, the  
> basecontroller's one won't be called. That's why I suggested putting  
> it in the __call__ section.
>
> Cheers,
> Ben
>
>  smime.p7s
> 3KDownload
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups 
"pylons-discuss" group.
To post to this group, send email to pylons-discuss@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/pylons-discuss?hl=en
-~----------~----~----~----~------~----~------~--~---

Reply via email to