Index: branches/5.2.x/core/kernel/session/session.php =================================================================== diff -u -N -r14244 -r14572 --- branches/5.2.x/core/kernel/session/session.php (.../session.php) (revision 14244) +++ branches/5.2.x/core/kernel/session/session.php (.../session.php) (revision 14572) @@ -1,6 +1,6 @@ Get, $this->GETName); - if ($this->IsHTTPSRedirect() && $get_sid) { // Redirect from http to https on different domain + if (($this->IsHTTPSRedirect() && $get_sid) || $this->getFlashSID()) { // Redirect from http to https on different domain OR flash uploader $this->OriginalMode = $this->Mode; $this->SetMode(self::smGET_ONLY); } - if (!$cookies_on || $this->IsHTTPSRedirect()) { + if (!$cookies_on || $this->IsHTTPSRedirect() || $this->getFlashSID()) { //If referer is our server, but we don't have our cookies_on, it's definetly off $is_install = defined('IS_INSTALL') && IS_INSTALL; if (!$is_install && $this->_checkCookieReferer() && !$this->Application->GetVar('admin') && !$this->IsHTTPSRedirect()) { @@ -457,14 +457,28 @@ } } + function getFlashSID() + { + $http_query =& $this->Application->recallObject('HTTPQuery'); + /* @var $http_query kHTTPQuery */ + + return getArrayValue($http_query->Post, 'flashsid'); + } + function GetPassedSIDValue($use_cache = 1) { if (!empty($this->CachedSID) && $use_cache) { return $this->CachedSID; } - $http_query =& $this->Application->recallObject('HTTPQuery'); - $get_sid = getArrayValue($http_query->Get, $this->GETName); + // flash sid overrides regular sid + $get_sid = $this->getFlashSID(); + + if (!$get_sid) { + $http_query =& $this->Application->recallObject('HTTPQuery'); + $get_sid = getArrayValue($http_query->Get, $this->GETName); + } + $sid_from_get = $get_sid ? true : false; if ($this->Application->GetVar('admin') == 1 && $get_sid) { 
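Review bot: `getFlashSID()` returns the raw `flashsid` POST field, and `GetPassedSIDValue()` lets it override the regular SID on every request rather than only on the flash uploader's upload request, so the request body alone decides which session is used. The same call drives both conditions in the earlier hunk (the switch to `smGET_ONLY` and the `!$cookies_on || …` branch), so cookie-based handling is bypassed whenever the field is present, which weakens session-fixation defences. I would accept the value only for the upload request and only when it is a non-empty string, e.g. `$sid = getArrayValue($http_query->Post, 'flashsid'); return is_string($sid) && $sid !== '' ? $sid : false;`, and add a docblock to `getFlashSID()` saying the field is client-controlled. `GetPassedSIDValue()` continues past the end of the hunk, so whether later checks constrain the value is not visible here.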
@@ -575,7 +589,9 @@ return true; } - if (!$force && !($this->Application->isAdmin || $this->Application->GetVar('admin')) && !$this->NeedSession()) { + $this->Expiration = adodb_mktime() + $this->SessionTimeout; + + if (!$force && /*!$this->Application->isAdmin &&*/ !$this->Application->GetVar('admin') && !$this->NeedSession()) { // don't create session (in db) on Front-End, when sid is present (GPC), but data in db isn't if ($this->_fromGet) { // set sid, that was given in GET @@ -584,15 +600,16 @@ // re-generate sid only, when cookies are used $this->GenerateSID(); } + + $this->Storage->StoreSession(false); + return false; } if (!$this->SID || $force) { $this->GenerateSID(); } - $this->Expiration = adodb_mktime() + $this->SessionTimeout; - switch ($this->Mode) { case self::smAUTO: if ($this->CookiesEnabled) {
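Review bot: The condition keeps the dropped admin check as inline commented-out code, `/*!$this->Application->isAdmin &&*/`, with no explanation of why requests where only `isAdmin` is set may now skip session creation. Either delete the fragment or replace it with a why-comment above the `if`, for example `// isAdmin alone no longer forces a session; only the 'admin' request variable does`. `$this->Expiration` is now assigned before the early `return false`, which looks intended for the `StoreSession(false)` call added in the next hunk, and a short comment saying so would help. The enclosing method starts and ends outside the hunk.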
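Review bot: `$this->Storage->StoreSession(false)` now runs in the branch whose own comment says "don't create session (in db) on Front-End", and in the `_fromGet` case the SID at that point is the one supplied by the client. What the `false` argument does is not visible here; if the call writes or refreshes anything keyed by that SID, a client-chosen identifier ends up persisted, which is what this branch was meant to avoid. Please document the argument at the call, e.g. `// false = <what is skipped>; must not create a db row for a client-supplied SID`, and confirm that behaviour in `StoreSession()`. The method body begins before the hunk and continues after it.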