Note: the flash upload component has been completely removed in CKFinder 2.6.
As of CKFinder 2.1 we have introduced a new Flash component for multiple file upload. It is working great except in one situation. When you use your own authentication method in CKFinder (you have overridden the checkAuthentication()
method), based on a variable placed in the session scope, in browsers other than Internet Explorer you might see the following error while trying to upload images: "The file browser is disabled for security reasons. Please contact your system administrator and check the CKFinder configuration file".
This is happening because of an old Flash "cookie bug". If you are interested in seeing reports on this issue you can follow the links below (login is required):
- http://bugs.adobe.com/jira/browse/FP-1044
- https://bugs.adobe.com/jira/browse/FP-201
- http://bugs.adobe.com/jira/browse/FP-78
To sum up the problem: as you probably know, the browser has a cookie space which is designed to store cookies that are used for the communication with the server. When the Flash component (embedded in the Web page) is being initialized, it creates its own separate cookie space in non-IE browsers from which unfortunately wrong or no cookies are sent. If correct cookies are not sent, sessions and cookie-based authentication will not work.