Index: session.php
===================================================================
--- session.php (revision 14234)
+++ session.php (working copy)
@@ -745,12 +745,12 @@
 $get_sid = getArrayValue($http_query->Get, $this->GETName);
- if ($this->IsHTTPSRedirect() && $get_sid) { // Redirect from http to https on different domain
+ if (($this->IsHTTPSRedirect() && $get_sid) || $this->getFlashSID()) { // Redirect from http to https on different domain OR flash uploader
 $this->OriginalMode = $this->Mode;
 $this->SetMode(smGET_ONLY);
 }
- if (!$cookies_on || $this->IsHTTPSRedirect()) {
+ if (!$cookies_on || $this->IsHTTPSRedirect() || $this->getFlashSID()) {
 //If referer is our server, but we don't have our cookies_on, it's definetly off
 $is_install = defined('IS_INSTALL') && IS_INSTALL;
 if (!$is_install && $this->_checkCookieReferer() && !$this->Application->GetVar('admin') && !$this->IsHTTPSRedirect()) {
@@ -853,14 +853,28 @@
 }
 }
+ function getFlashSID()
+ {
+ $http_query =& $this->Application->recallObject('HTTPQuery');
+ /* @var $http_query kHTTPQuery */
+
+ return getArrayValue($http_query->Post, 'flashsid');
+ }
+
 function GetPassedSIDValue($use_cache = 1)
 {
 if (!empty($this->CachedSID) && $use_cache) {
 return $this->CachedSID;
 }
- $http_query =& $this->Application->recallObject('HTTPQuery');
- $get_sid = getArrayValue($http_query->Get, $this->GETName);
+ // flash sid overrides regular sid
+ $get_sid = $this->getFlashSID();
+
+ if (!$get_sid) {
+ $http_query =& $this->Application->recallObject('HTTPQuery');
+ $get_sid = getArrayValue($http_query->Get, $this->GETName);
+ }
+
 $sid_from_get = $get_sid ? true : false;
 if ($this->Application->GetVar('admin') == 1 && $get_sid) {
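Review bot: Both rewritten conditions call `$this->getFlashSID()` on every request, so any POST that carries a `flashsid` field, not only one sent by the flash uploader, switches the session to `smGET_ONLY` and enters the cookies-off branch. Because the field is client-supplied, the check should be limited to the uploader's own request and carry a comment such as `// flashsid is client-supplied; honour it only for the upload request`. Reading the value once, `$flash_sid = $this->getFlashSID();`, and testing `$flash_sid` in both conditions would also avoid the repeated lookup. The enclosing method starts and ends outside this hunk, so how the referer check inside the second branch treats uploader requests cannot be seen here.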
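Review bot: `getFlashSID()` returns the raw `flashsid` POST value and `GetPassedSIDValue()` now prefers it over the GET SID, with no format or ownership check visible in this hunk. A form on another site can submit POST fields, so a session id chosen by someone other than the user could take precedence (session fixation), including in the `admin` branch that follows. Validation may exist outside the hunk, but the helper should reject values that are not well-formed SIDs and state its trust level, e.g. `/** Session id posted by the flash uploader; client-supplied and unvalidated. */`. Note also that `$sid_from_get` is now true when the SID arrived by POST, which any later logic keyed on that flag would misread. `GetPassedSIDValue()` continues past the end of the hunk.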