Oh well, that turned out to be pretty messy

First I got worried as the doc states

The FileReference and FileReferenceList classes also do not provide 
methods for authentication. With servers that require authentication,
you can  download files with the Flash® Player browser plug-in, but
uploading (on all players) and downloading (on the stand-alone or 
external player) fails.
On this and other sites I did however find users that got it working.
The trick (with Tomcat) is to "just" add the servlet's jsessionid stored
in the cookie also on the FileReference's url. One has a few choices to
get the sessionid into flex. In my case that was easy, because I am
sending xml back and forth anyway I just added the sessionid to the
reply the servlet sends when the login succeeds. The servlet request has
a getter to get hold of it (getRequestedSessionId)

Whenever one wants to upload something, append the sessionid to the
request url. Something like

         urlRequest=new URLRequest(_servletUrl  + servicePath +
";jsessionid=" + _sessionId );

Note the semicolon - this is not a url parameter.

That first did not work in my case because Flex kept on sending some
session cookie with the upload request and the server therefore ignored
the jsessionid on the url. Weirdly that cookie was not stored in the
browser and no matter how hard  I tried to clean up the browser's
caches, it kept being there. Obviously (but not for me at 2am) it is the
flash/flex runtime that has its own session/cookie cache. Quitting the
browser (and the flex runtime) is what finally got it going.

All in all this is an ugly situation. It would help to document this in
the flex doc (assuming this is a "supported" approach) and browser
consistency would have helped as well....a first blow to my hopes of
escaping cross browser problems by switching to flex/flash.

Anyway, perhaps a next reader finds this useful.


--- In flexcoders@yahoogroups.com, "pgp.coppens" <[EMAIL PROTECTED]>
> Flex fans,
> I am struggling with the following scenario
> 1. Use an HTTPService POST to authenticate to a servlet backend (works
> fine)
> 2. Use HTTPService requests to the same server and rely on previous
> authentication (works fine)
> 3. FileReference.upload with IE also picks up the same session cookie
> and thus uses the authenticated (and authorized) session. With Firefox
> or Opera however, a FileReference.upload request does not seem to pick
> up the same JSESSIONID cookie and therefore fails as it is not
> authenticated/authorized.
> Does anyone know how to deal with this? How should one normally use a
> FileReference.upload to a servlet server that requires authentication?
> Any help or guidance warmly welcomed!
> Peter

Reply via email to