Home/ Questions/Q 9189587
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-17T20:16:12+00:00

I am using uploadify to upload files, they automatically post to the handler. I

  • 0

I am using uploadify to upload files, they automatically post to the handler. I then modify the session in the handler that I have setup as a static property in a common class of the website. I then try to access that same session in the aspx page, and the value is null. I have a feeling this is because of cookies, but there needs to be a way to work around this without exposing the sessionid in the url.

ASHX:

public class Upload : IHttpHandler, IReadOnlySessionState, IRequiresSessionState 
{

    public void ProcessRequest(HttpContext context)
    {
        ...
        CMSSession.Current.UploadedFiles.Add(fileName);
    }
}

Session Class:

public class CMSSession
{    
    public static CMSSession Current
    {
        get
        {
            CMSSession session = (CMSSession)HttpContext.Current.Session["__CMSSession__"];
            if (session == null)
            {
                session = new CMSSession();
                HttpContext.Current.Session["__CMSSession__"] = session;
            }
            return session;
        }
    }

    public List<string> UploadedFiles { get; set; }
}

ASPX:

if (CMSSession.Current.UploadedFiles != null)
{
    ...
}
else
{
    IT'S ALWAYS NULL
}

Web.Config:

<sessionState mode="InProc" cookieless="false" /> - causes session to always null in aspx when modified in ashx
<sessionState mode="InProc" cookieless="true" /> - session value is not null, but sessionid is exposed in the url

How do I access & modify the current session within the ASHX file WITHOUT changing cookieless to true and then access the session from the ASPX page?

I have tried using HttpContext and using the context passed into the ASHX…nothing works.

same as this question, but there has to be a more secure way: session set in ashx and get that session on aspx

Any ideas?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I found the answer: When the handler is being called from FLASH (like swfupload or uploadify) it does not pass the current sessionid to the handler. The handler then creates a NEW session. To fix this, do the following:

    Your UI: JavaScript:

    $(Selector).uploadify({
    swf: 'uploadify.swf',
    uploader: 'Upload.ashx?ASPSESSID=<%=Session.SessionID%>'   
});

    Add to: Global.asax:

    void Application_BeginRequest(object sender, EventArgs e)
{
    try
    {
        string session_param_name = "ASPSESSID";
        string session_cookie_name = "ASP.NET_SESSIONID";
        string session_value = Request.Form[session_param_name] ?? Request.QueryString[session_param_name];
        if (session_value != null) { UpdateCookie(session_cookie_name, session_value); }
    }
    catch (Exception) { }
}

void UpdateCookie(string cookie_name, string cookie_value)
{
    HttpCookie cookie = HttpContext.Current.Request.Cookies.Get(cookie_name);
    if (cookie == null)
    {
        HttpCookie cookie1 = new HttpCookie(cookie_name, cookie_value);
        Response.Cookies.Add(cookie1);
    }
    else
    {
        cookie.Value = cookie_value;
        HttpContext.Current.Request.Cookies.Set(cookie);
    }
}

    Taken & simplified for uploadify from:
    http://snipplr.com/view/15180/

    You may need to use an authid if using formsauthentication:

    &AUTHID=<%= Request.Cookies[FormsAuthentication.FormsCookieName] == null ? "" : Request.Cookies[FormsAuthentication.FormsCookieName].Value %>

    append that to the uploader parameter in the jQuery.

    Then add the following to the global:

    try
    {
        string auth_param_name = "AUTHID";
        string auth_cookie_name = FormsAuthentication.FormsCookieName;
        string auth_value = Request.Form[auth_param_name] ?? Request.QueryString[auth_param_name];

        if (auth_value != null) { UpdateCookie(auth_cookie_name, auth_value); }
    }
    catch (Exception) { }

    You can now access the same session from the handler (even using the static session object I used above in the question) in IE, Chrome, FF, ect.

    • 0