Hello list, Upfront, let me point out that I'm not too clued up on the whole CF sessionmanagement stuff so excuse me if this is an obvious question. On a positive note I do know my way around Flex.
I'm hitting a bunch of CFCs from Flex via Remoting (example: ro = new RemoteObject(); [...] var token:AsyncToken = ro.getRooms.send( item ); My first remoting call is to authenticate the user. Once this call successfully returns I save that 'state' in my Flex app, the current user is flagged as 'loggedin'. Question: what should I do on the server side to secure CFCs so that they can only be called by authenticated users? I'm looking for advice (and some code snippets if possible) to show me either how I can use CF's sessionmanagement to secure these CFCs or alternatively what I should do if I want to authenticate each request as it comes in? Lastly, how does Flex's setRemoteCredentials fit into the equation? The docs only state "If a remote object is managed by an external service, such a ColdFusion Component (CFC), a username and password can be set for the authentication mechanism of that remote service." but it does not give any specific examples on how the two sides work together. I can invoke setRemoteCredentials of course, no problem, but what exactly does that mean for CF and how do I set CF up to make use of that feature? many thanks, Stefan ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;160198600;22374440;w Archive: http://www.houseoffusion.com/groups/Flex/message.cfm/messageid:5017 Subscription: http://www.houseoffusion.com/groups/Flex/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.37
