Don’t know if it helps in your case, but we got media uploads working again by changing two lines of code in GAE-plugin. We changed the lines 195 and 196 in modules/uploads.php to this form:
if ( !isset($_COOKIE[$auth_cookie_name]) ) $_COOKIE[$auth_cookie_name] = $auth_cookie;
if ( !isset($_COOKIE[LOGGED_IN_COOKIE]) ) $_COOKIE[LOGGED_IN_COOKIE] = $logged_in_cookie;
This way it doesn’t reset the session cookies if they are already set. Hopefully we get an official fix soon, too.
Seems that the nonce creation/verification -functions have changed in 4.0 (?) so that they now take account the token which is included in the logged_in -cookie.
This cookie is faked by the GAE-plugin when passing the request variables to the upload handler because it does a reauthentication every time a file is uploaded and because the nonce is now session specific (due to the token now being involved), it’s no longer valid. The upload itself seems successful (the new file appears in the bucket) but because an invalid nonce is returned, the file is not added to the media library. Hopefully the plugin-authors will fix this soon.
