OK, I have only found several posts asking, and many answers that don't seem to really address the issue.


How is user authentication and session management handled best in Flex? Taking into consideration the following:

* All business logic is server side and available only to an authenticated user (and only the components they have access to).
* Cannot reverse engineer the flash file to gain access to the server side.
* Each server side call must be authenticated.
* Preferably the main application is not downloaded until the user is authenticated.

I saw suggestions on authenticating the user and then storing the roles on the client, this seems very insecure, as the user could potentially write their own app and stick roles in that client side variable.

I got the few books on Flex that are out there, but none of them really cover this critical issue. Maybe I'm missing something basic?

Thanks
JK
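
The concern raised above about roles stored on the client, shown as an added example that is not part of the original post: the server keeps the session-to-user mapping and the role table, and checks both on every call. The server language (Python), the account data, the operation names and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

def pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_user(password, roles):
    # Constructed sample account: per-user salt plus PBKDF2 hash, never the password.
    salt = secrets.token_bytes(16)
    return {"salt": salt, "hash": pw_hash(password, salt), "roles": set(roles)}

# Constructed sample data. Roles live only in this server-side table.
USERS = {
    "alice": make_user("alice-pw", ["user"]),
    "bob": make_user("bob-pw", ["user", "admin"]),
}
# Role required for each remote operation (hypothetical operation names).
REQUIRED_ROLE = {"list_orders": "user", "delete_user": "admin"}
SESSIONS = {}  # opaque random token -> username, never sent to the client as data

def login(username, password):
    """Verify credentials and issue an unguessable session token, or None."""
    user = USERS.get(username)
    if user is None:
        return None
    if not hmac.compare_digest(pw_hash(password, user["salt"]), user["hash"]):
        return None
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = username
    return token

def handle_call(token, operation, client_claimed_roles=()):
    """Authenticate and authorize one remote call.

    client_claimed_roles stands for anything the client says about itself.
    It is accepted here only to show that the decision never consults it.
    """
    username = SESSIONS.get(token)
    if username is None:
        return (401, "not authenticated")
    needed = REQUIRED_ROLE.get(operation)
    if needed is None or needed not in USERS[username]["roles"]:
        return (403, "forbidden")
    return (200, f"{operation} ok for {username}")
```

A hand-written client that claims the admin role still gets 403, because the only input that matters is the session token the server issued and the roles the server looks up for it.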
