Thanks Paul - I appreciate you take the time to get me started. Something which is not completely clear to me is
> Another approach I use is to send login info as headers on every > request to the server. Then if the session has been lost I can > transparently log the user back in and start a new session. This is > only a good idea if the requests are secure. > Assuming the requests are secured, how would that work? At what end is the user logged in again. Any chance you could find the time to elaborate a bit on this. Thanks, Peter --- In [email protected], "Paul DeCoursey" <[EMAIL PROTECTED]> wrote: > > Couple of things you can do, and I'm sure that there are more ideas > out there. > > First, and probably the easiest,set up a timer in the flex app that > gets reset with every http request to the servlet. The timer should > be set to less than the servlet timeout, like 1 minute less. When the > timer times out have it notify the user that they need to do somthing > or the session will timeout. If they do not react within 1 minute > then redirect the user to your login page. If they do respond then > have the app do some simple request to hold the session. I have a > simple hello request in one of my apps just for this. > > Another approach I use is to send login info as headers on every > request to the server. Then if the session has been lost I can > transparently log the user back in and start a new session. This is > only a good idea if the requests are secure. > > Hope that gives you some ideas. > > Paul > > > --- In [email protected], "pgp.coppens" > pc.subscriptions@ wrote: > > > > Hello Flex Fans, > > > > I am new to Flex, so upfront apologies if the question does not make > > any sense or is so trivial I should be ashamed to ask. > > > > Anyway... I want to set up communication with a Tomcat servlet service > > (no FDS) that sits behind forms based authentication. > > > > I do manage to use HTTPService to do authentication by posting to the > > j_security url and then invoke the service, but the thing that is > > bothering me a bit is what to do when the servlet session times out. > > > > I guess I could check the result of each invocation to see whether it > > returns the login form iso the expected reply and then just > > reauthenticate. That does seem somewhat of a hassle though. > > > > Anyone any guidance on this? Is this the "right" approach? Is there > > any open/demo source code available? > > > > Many thanks indeed! > > > > Peter > > >
