When you embed a Flash movie within a web page, then that Flash movie makes all of its http calls through the browser, and so has access to all of the cookies the browser has. Say a session was established when the person logged in; this session is maintained even when the Flash movie is making the http call, and not the browser. I use this to have a Flash widget deliver up-to-the-second database results based on the logged in user and their search criteria.
I haven't run tests recently on Flash and a standalone movie. I remember that https was inconsistent (worked on PC, not on Mac), and I *think* that cookies were maintained even after the window was closed (i.e., it wrote the cookie to the harddrive). It was a while ago.
Cookies are simply text headers in the HTTP stream. Anything that supports HTTP can in theory support cookies. The server never accesses any cookies directly; the user agent searches its cookie database for unexpired cookies that match the domain and path criteria of the request, and sends the request along with a cookie header for each match. The server then can convert these headers into whatever useful form you need.
http://wp.netscape.com/newsref/std/cookie_spec.html
excuse me if im asking a no-brainer. but how does flash support cookies? how would any non-browser support cookies that a server can access directly?
-adam
-----Original Message----- From: Ben Curtis [mailto:[EMAIL PROTECTED] Sent: Monday, April 12, 2004 07:48 PM To: [EMAIL PROTECTED] Subject: Re: [CFCDev] web services authentication
Can't webservices, being delivered over HTTP, make use of cookies, and the session values stored therein? Then you only need to program the service consumer to recognize set-cookie headers, and send cookie headers with each request.
I haven't used webservices outside of the built-in flash remoting stuff, which supports sessions via cookies. Are cookies verboten in more standardized webservices?
--
Ben Curtis
WebSciences International
http://www.websciences.org/
v: 310 478 6648
f: 310 235 2067----------------------------------------------------------
You are subscribed to cfcdev. To unsubscribe, send an email
to [EMAIL PROTECTED] with the words 'unsubscribe cfcdev' in the message of the email.
CFCDev is run by CFCZone (www.cfczone.org) and supported by Mindtool, Corporation (www.mindtool.com).
An archive of the CFCDev list is available at www.mail-archive.com/[EMAIL PROTECTED]
