Uploadify, CakePHP and Suhosin Woes

Flash uploaders have a notorious problem maintaining sessions. CakePHP doesn't have any built in way to solve this problem, so here are some notes about how I dealt with it. To make matters worse I also had HTTP Basic Authentication and the Suhosin PHP security module enabled, which added additional layers of complication. Hopefully the last day and half of my working life will make your lives easier.

Here are the 3 steps I had to take to enable Uploadify on a site I was working on.

1. Follow the instructions about restarting your session in CakePHP while using Uploadify here:
http://blogs.bigfish.tv/adam/2008/04/01/cakephp-12-sessions-and-swfupload/


2. Disable HTTP Basic Authentication. I know there are several possible solutions, but in my case I still have not figured out how to enable authentication on everything except for the file upload service, so for now we've disabled authentication site wide. Will post if I can come up with something better.

3. If your server has Suhosin (PHP security module) installed, you will need to perform this extra step.

Edit your config file, in my case it is /etc/php5/apache2/conf.d/suhosin.ini. And set these to variables to off.

suhosin.session.cryptua = off
suhosin.cookie.cryptua = off

In my case that meant changing them from this state (commented out showing defaults):

;suhosin.session.cryptua = on
;suhosin.cookie.cryptua = on