Ran into this issue the other day, so I wanted to post this in case anyone else ran across it.
Normally, flash will send cookie data along with calls to the server using load vars, xml, etc. The one exception I seem to have found is with FileReference.upload(), which doesnt send them at all. I was sending the file to a java backend, and we found the solution to be to append the session cookie to the url, using a special syntax:
Notice that the ‘;jsessionid=’ part must be sandwiched between the file name and the query string in order to work properly (and not simply appended as a variable to the query string).