Maintaining Sessions and Authentication in ActiveX/Java Uploader ASP.NET

If you are going to utilize ActiveX/Java Uploader in non-Internet Explorer browsers (Firefox, Safari, and etc.), you should take care about keeping your session and authentication cookies saved if they are used. The fact is that ActiveX/Java Uploader does not send cookies in output requests in non-Internet Explorer browsers by default and, therefore, session and authentication tickets are lost during the upload. To work around this problem you can employ special facilities provided either by ActiveX/Java Uploader ASP.NET or ActiveX/Java Uploader JavaScript. Let us consider how to use them.

Using ActiveX/Java Uploader ASP.NET Control

If you use ActiveX/Java Uploader ASP.NET, session and authentication information will be automatically passed to the upload request. If you are unfamiliar with ActiveX/Java Uploader ASP.NET, please, see the Quick Start with ActiveX/Java Uploader ASP.NET topic.

In order to configure the ASP.NET authentication scheme you should add the authentication section to your web.config, for example, like it is shown in the following example:

<authentication mode="Forms">
  <forms name="AurigmaUser" loginUrl="~/Login.aspx" defaultUrl="~/Default.aspx"
         protection="All" path="/" timeout="525600"/>

Using ActiveX/Java Uploader JavaScript API

If you prefer not to use ActiveX/Java Uploader ASP.NET, then you should add cookies to the upload request manually via the ActiveX/Java Uploader JavaScript. To do this, use the metadata.cookie property which accepts cookie in the following format: "cookieName=cookieValue".

var u = $au.uploader({
    id: 'Uploader1',
    metadata: {
        cookie: 'ASP.NET_SessionId=<%=Page.Session.SessionID%>;' +
            '<%=FormsAuthentication.FormsCookieName%>=' + 
            '<%=Request.Cookies[FormsAuthentication.FormsCookieName].Value %>'


The previous example uses ASP.NET_SessionId as session cookie name, because it is default name for this cookie in ASP.NET. However, you may determine the session cookie name programatically, as follows:


See Also