PHP sessions from Flash

Normally, when you have a user that is authenticated (via sfGuard for instance), the session cookie is used to track the session.

However, when the user is submitting some data via a Flash movie embedded in your site this will not work, at least not in all browsers. This is because in some browsers Flash does not use the same cookie as the browser, so these requests are handled in a seperate session.

The solution in to have Flash submit the current session ID and then, in Symfony, explicitly start the session with that ID.

The first part is quite easy, you can simply pass the value returned by session_id() to Flash using a Flashvar, or implement some service call that provides it. Flash can then submit this in a GET or POST variable called (for instance) ‘session_id’.

In order to have Symfony use this ID, you need to overwrite the storage class.

The standard file lives here:
lib/vendor/symfony/lib/storage/sfSessionStorage.class.php

Copy the file to:
lib/vendor/driebit/driebitSessionStorage.php

Note: You need to have a correct autoload.yml to autoload from this directory.

Rename the class, and extend sfStorage:

class driebitSessionStorage extends sfStorage {
…

In the initialize method, read the session id from the request:

public function initialize($options = null) {
  $flash_session_id = sfContext::getInstance()->getRequest()->getParameter('session_id');
  ...

You then need to explicitly start the session with the ID

if ($flash_session_id) {
  session_id($flash_session_id);
} else {
  if (!(boolean) ini_get('session.use_cookies') && ($sessionId == $this->options['session_id'])) {
    session_id($sessionId);
  }
}

Lastly, you need to tell Symfony to use your storage, in factories.yml

all:
  storage:
    class: driebitSessionStorage
    param:
      session_name: mySession

That’s all there is to it!