Issue with Flash uploader and Suhosin PHP patch

January 11th, 2012 by Alex

This is a very simple situation: we use a multi-file Flash uploader to display progress and for other extended functionality when uploading files. But this issue was killing me. After installing the Suhosin patch, the session was breaking after any file upload.

This happens because Suhosin also checks the User-Agent, and Flash sends a different user agent from the browser. Even providing a session id to Flash won't solve the issue, because Suhosin checks the user agent when session_id/session_start is called.

To solve this issue, simply disable user agent encryption, but leave IP address encryption enabled, in php.ini:

suhosin.session.encrypt = On
suhosin.session.cryptraddr = On
suhosin.session.cryptua = Off
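
The effect of these settings, as an added example that is not code from the original post or from Suhosin: a toy Python model in which the session key is derived from a secret plus the User-Agent and/or the client address, so the stored session only opens when the same request properties are presented. The key derivation, the cipher, the function names, the `raddr_octets` parameter and all sample values are assumptions made for illustration and do not reproduce Suhosin's internals.

```python
import hashlib
import hmac

def derive_key(secret, user_agent, remote_addr, cryptua, raddr_octets):
    """Toy model: bind the session key to selected request properties."""
    parts = [secret]
    if cryptua:
        parts.append(user_agent)
    if raddr_octets:
        parts.append(".".join(remote_addr.split(".")[:raddr_octets]))
    return hashlib.sha256("|".join(parts).encode()).digest()

def _keystream(key, n):
    # Illustrative keystream only, not production cryptography.
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:n]

def seal(key, data):
    ct = bytes(a ^ b for a, b in zip(data, _keystream(key, len(data))))
    return hmac.new(key, ct, hashlib.sha256).digest() + ct

def unseal(key, blob):
    tag, ct = blob[:32], blob[32:]
    expected = hmac.new(key, ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # key mismatch: the session comes back empty
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, len(ct))))

def upload_keeps_session(cryptua, raddr_octets, flash_ip="203.0.113.7"):
    """Browser creates the session; the Flash uploader then presents its id."""
    secret = "constructed-secret"                        # constructed value
    browser_ua = "Mozilla/5.0 (constructed browser UA)"  # constructed value
    flash_ua = "Shockwave Flash"                         # constructed value
    browser_ip = "203.0.113.7"                           # documentation range
    data = b"user_id|i:42;"
    stored = seal(derive_key(secret, browser_ua, browser_ip,
                             cryptua, raddr_octets), data)
    flash_key = derive_key(secret, flash_ua, flash_ip, cryptua, raddr_octets)
    return unseal(flash_key, stored) == data

if __name__ == "__main__":
    print("cryptua on :", upload_keeps_session(True, 4))
    print("cryptua off:", upload_keeps_session(False, 4))
```

With the User-Agent binding off and the address binding on, the Flash request from the same address opens the session, while the same session id presented from a different address still fails.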

