Index: src/wp-admin/async-upload.php
===================================================================
--- src/wp-admin/async-upload.php	(revision 27522)
+++ src/wp-admin/async-upload.php	(working copy)
@@ -13,17 +13,19 @@
 else
 	require_once( dirname( dirname( __FILE__ ) ) . '/wp-load.php' );
 
-if ( ! ( isset( $_REQUEST['action'] ) && 'upload-attachment' == $_REQUEST['action'] ) ) {
-	// Flash often fails to send cookies with the POST or upload, so we need to pass it in GET or POST instead
-	if ( is_ssl() && empty($_COOKIE[SECURE_AUTH_COOKIE]) && !empty($_REQUEST['auth_cookie']) )
-		$_COOKIE[SECURE_AUTH_COOKIE] = $_REQUEST['auth_cookie'];
-	elseif ( empty($_COOKIE[AUTH_COOKIE]) && !empty($_REQUEST['auth_cookie']) )
-		$_COOKIE[AUTH_COOKIE] = $_REQUEST['auth_cookie'];
-	if ( empty($_COOKIE[LOGGED_IN_COOKIE]) && !empty($_REQUEST['logged_in_cookie']) )
-		$_COOKIE[LOGGED_IN_COOKIE] = $_REQUEST['logged_in_cookie'];
-	unset($current_user);
+// Flash often fails to send cookies with the POST or upload, so we need to pass it in GET or POST instead
+if ( is_ssl() && empty( $_COOKIE[SECURE_AUTH_COOKIE] ) && ! empty( $_REQUEST['auth_cookie'] ) ) {
+	$_COOKIE[SECURE_AUTH_COOKIE] = $_REQUEST['auth_cookie'];
+} elseif ( empty( $_COOKIE[AUTH_COOKIE] ) && ! empty( $_REQUEST['auth_cookie'] ) ) {
+	$_COOKIE[AUTH_COOKIE] = $_REQUEST['auth_cookie'];
 }
 
+if ( empty( $_COOKIE[LOGGED_IN_COOKIE] ) && ! empty( $_REQUEST['logged_in_cookie'] ) ) {
+	$_COOKIE[LOGGED_IN_COOKIE] = $_REQUEST['logged_in_cookie'];
+}
+
+unset( $current_user );
+
 require_once( ABSPATH . 'wp-admin/admin.php' );
 
 if ( !current_user_can('upload_files') )
Index: src/wp-admin/includes/media.php
===================================================================
--- src/wp-admin/includes/media.php	(revision 27522)
+++ src/wp-admin/includes/media.php	(working copy)
@@ -1743,6 +1743,8 @@
 
 $post_params = array(
 		"post_id" => $post_id,
+		"auth_cookie" => ( is_ssl() ? $_COOKIE[SECURE_AUTH_COOKIE] : $_COOKIE[AUTH_COOKIE] ),
+		"logged_in_cookie" => $_COOKIE[LOGGED_IN_COOKIE],
 		"_wpnonce" => wp_create_nonce('media-form'),
 		"type" => $_type,
 		"tab" => $_tab,
Index: src/wp-includes/media.php
===================================================================
--- src/wp-includes/media.php	(revision 27522)
+++ src/wp-includes/media.php	(working copy)
@@ -2186,6 +2186,9 @@
 
 	$params = apply_filters( 'plupload_default_params', $params );
 	$params['_wpnonce'] = wp_create_nonce( 'media-form' );
+	$params['auth_cookie'] = ( is_ssl() ? $_COOKIE[SECURE_AUTH_COOKIE] : $_COOKIE[AUTH_COOKIE] );
+	$params['logged_in_cookie'] = $_COOKIE[LOGGED_IN_COOKIE];
+
 	$defaults['multipart_params'] = $params;
 
 	$settings = array(