Flash File Upload and Session Cookies

April 4, 200714 Comments

Ran into this issue the other day, so I wanted to post this in case anyone else ran across it.

Normally, flash will send cookie data along with calls to the server using load vars, xml, etc. The one exception I seem to have found is with FileReference.upload(), which doesnt send them at all. I was sending the file to a java backend, and we found the solution to be to append the session cookie to the url, using a special syntax:


Notice that the ‘;jsessionid=’ part must be sandwiched between the file name and the query string in order to work properly (and not simply appended as a variable to the query string).

Filed in: flash

About the Author ()

Comments (14)

Trackback URL | Comments RSS Feed

Sites That Link to this Post

  1. FlashApe » Blog Archive » Online Business card designer launched. | May 22, 2007
  1. Matthias says:

    Yes, I just learnt that the hard way. What an annoying bug (or “missing feature”, in case someone says it’s The Way To Go).

  2. Matthias says:

    actually, sorry for doublecomments, what you’re describing is the case in Firefox, while IE works fine.

  3. Thanks for writing about this issue. I had this same problem, but I was using PHP instead of Java. The PHP solution is a little more complicated. I did a write up here:

    Using Flash Upload with PHP and Symfony

  4. BogdanEmil says:

    I used your syntax:

    file.upload(“http://www.mysite.com/UploadServlet;jsessionid=” + session + “?param1=” + param1 ..etc

    but the session is still not sended (I get a new one in the upload servlet).
    This is happening in Firefox (and probably in Safari – not tested).
    Did you test the solution in Firefox? If it worked, the cookies on your browser were disabled?

  5. Ain Tohvri says:

    It would be smarter to use postData (FileReference.postData property) for session ids.

  6. rich says:

    this post was referencing sending session ids to java in flash player 8, which did not have a postData property at the time. I haven’t worked with this in a while, but if I remember correctly, we couldn’t simply pass in the sessionID as a variable anyway…we needed this specific syntax in order for java to properly access it.

  7. sonicoliver says:

    this is so lame, flash needs to work with REAL http cookies…

  8. Nick says:

    If anyone want to encourage Adobe to fix this bug, here are the bug-tracker links for this issue:


    Unfortunately you have to create an account to view the issues, but there they are anyway.

  9. kc says:

    This is 2010… so its 3 years after this post. I found this link and thought it might help…
    Possible Cookie Bug Fix?: FileReference.load() instead of FileReference.upload()

  10. Josh says:

    Still no go… how lame adobe….

  11. Mike says:

    I’ve just collided with this stupid issue.


  12. i managed to work around this bug using flex and java web filter

    Flex Code :

    var urlVars:URLVariables = new URLVariables();
    urlVars.jsessionid = sessionID;

    var uploadUrl:String = “http://localhost:8080/mywar;jsessionid=”+sessionID;
    uploadUrl += “?”+getClientCookies(); //put all client cookies on the query string
    var urlRequest:URLRequest = new URLRequest(uploadUrl);
    urlRequest.method = URLRequestMethod.POST;
    urlRequest.data = urlVars;

    //will go first time and get the cookies set see flex docs
    var testUpload:Boolean = true;


    package com.mywar.fileupload;

    import java.io.IOException;
    import java.util.Enumeration;

    import javax.servlet.Filter;
    import javax.servlet.FilterChain;
    import javax.servlet.FilterConfig;
    import javax.servlet.ServletException;
    import javax.servlet.ServletRequest;
    import javax.servlet.ServletResponse;
    import javax.servlet.http.Cookie;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;

    * @author orasio – spieler
    * This filter comes to solve the Firefox ,Chrome and SAFARI file upload issue
    * The problem was that the file uploaded by the flex
    * FileReference came with a different session and no cookies
    * To solve this problem do the following :
    * don’t forget to add this filter to the web.xml file
    public class FileUploadFilter implements Filter {

    private static final String CONTENT_LENGTH = “content-length”;
    private static final String UPLOAD_SITE_PATH = “/”;
    private static final String JSESSIONID = “JSESSIONID”;

    public void init(FilterConfig filterConfig) throws ServletException {

    public void doFilter(ServletRequest request,
    ServletResponse response,
    FilterChain filterChain)
    throws IOException, ServletException {
    if ((request instanceof HttpServletRequest)
    && (response instanceof HttpServletResponse)) {
    HttpServletRequest httpRequest = (HttpServletRequest) request;

    //httpRequest.getHeader(“user-agent”); //Shockwave Flash
    String contentLength = httpRequest.getHeader(CONTENT_LENGTH);
    boolean isFlexTest = (contentLength!=null
    && Integer.parseInt(contentLength)==0);
    HttpServletResponse httpResponse =
    (HttpServletResponse) response;
    setAllClientCookie((HttpServletResponse)response, httpRequest);
    PrintWriter out = httpResponse.getWriter();
    filterChain.doFilter(request, response);

    * write all cookies back to the flex test response
    private void setAllClientCookie(HttpServletResponse httpResponse,
    HttpServletRequest httpRequest) {
    Enumeration parameterNames =
    while (parameterNames.hasMoreElements()) {
    String cookieName = (String) parameterNames.nextElement();
    //since we get IllegalArgumentException: Cookie name “JSESSIONID” is a reserved token

    if(!cookieName.contains(JSESSIONID)) {
    Cookie cookie =
    new Cookie(cookieName, httpRequest.getParameter(cookieName));

    public void destroy() {


Leave a Reply

Back to Top