Home/ Questions/Q 7675969
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-31T17:05:31+00:00

I’m trying to use Uploadify , an Ajax file uploader, with Play Framework .

  • 0

I’m trying to use Uploadify, an Ajax file uploader, with Play Framework.

Uploadify uses a Flash object to talk to the server … so by default it will not use the Play cookies. I want to authenticate my user correctly, so I need to get uploadify to send some cookies over itself.

Does anyone has a working example of the two working together, or, failing that, some pointers?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Well, if you’re using httpOnly configuration (and you should!), then it’s impossible to pass Play’s native auth cookie to uploadify.

    What I did was:

    1. Not secure the Images controller with @With(Secure.class), but instead use a before method:

    @Before(unless = "uploadPost")
public static void before() throws Throwable {
    Secure.checkAccess();
}

    2. Pass along two parameters from the controller that renders the page hosting the uploadify plugin: userId, and signedUserId

    String userIdSignature = Crypto.sign(Long.toString(user.id));
render(..., user.id, userIdSignature);

    3. Pass these two parameters to uploadify, and to the uploadPost method

    public static void uploadPost(Upload upload, long userId, String userIdSignature) {
    assertEquals(userIdSignature, Crypto.sign(Long.toString(userId)),
        "Failed to authenticate user ID " + userId);

    If for some reason you don’t want the client to know its user ID, an alternative to signing is encrypting the user id.

    Note that you are still exposed to replay attacks using this method, but I believe this is a general problem with Play (I could be mistaken about this). You can add an expiration date to the signature to limit the damage.

    • 0