Could you give an example of how you do this? If this is secure it sounds much easier to handle.
On 04 Apr 2007 10:12:22 -0700, Ray Horn <[EMAIL PROTECTED]> wrote:
Rather than worry about the server session why not simply maintain the session state in the client since it is assume your client is running a SWF ala Flex. The fact that the client has accomplished a login could be handled by sending a specific token to the server as long as the token is some kind of UUID value that is known to be random yet non-sequential. I have coded this into a Flex Object that subclasses the HTTPService and once setup needs no further maintenance. In my specific case my app is always logged-in since it runs via an Intranet however my initial HTTPService call gets the user's metadata from the server and then I pass the user's ID back to the server on each HTTPService call but this is done transparently. Just a suggestion. I realize this may not be in keeping with the way most people might apprach this sort of problem. ----- Original Message ---- From: dordea cosmin <[EMAIL PROTECTED]> To: [email protected] Sent: Wednesday, April 4, 2007 1:27:44 AM Subject: Re: [flexcoders]PHP and Flex questions When a Flex application in a browser communicates with a php page for the first time a session is created. This is the same behavior as user receiving a PHP page in their browser. - true , but the session is created only if the php installed in your server is configured to auto start a session or you manually start the session in your scrip. - This session that is created last indefinitely with Flex applications because Flex keeps the connection open / session alive on the server. I am not sure if this is 100% true , but i believe by default , the http headers send Connection: Keep-Alive, so sessions remain alive. In my application it works okay, session doesn't expire while flex application runs. However, I believe if you send custom HTTP headers this behavior can be lost. - Flex keeps the connection alive by periodically pinging the server. same as above - Sessions will never timeout due to this behavior. same as above - When the user navigates away from the Flex application the session will timeout on the server. true , it will timeout in the time specified in your php.ini To manually timeout a session on the server call a page or function that executes this code " session.destroy( );" <-- not sure what the recommended method to clear the session on the server. - true , depending on your php session you will call the correct function to destroy the session Hope this helps. ----- Original Message ---- From: dorkie dork from dorktown <dorkiedorkfromdorkt [EMAIL PROTECTED] com> To: [EMAIL PROTECTED] ups.com Sent: Tuesday, April 3, 2007 8:37:15 PM Subject: [flexcoders] PHP and Flex questions Can someone tell me if these statements are true or false and if false what is the correct answer? - When a Flex application in a browser communicates with a php page for the first time a session is created. This is the same behavior as user receiving a PHP page in their browser. - This session that is created last indefinitely with Flex applications because Flex keeps the connection open / session alive on the server. - Flex keeps the connection alive by periodically pinging the server. - Sessions will never timeout due to this behavior. - When the user navigates away from the Flex application the session will timeout on the server. - To manually timeout a session on the server call a page or function that executes this code " session.destroy( );" <-- not sure what the recommended method to clear the session on the server. Any answers will help even partial. ------------------------------ 8:00? 8:25? 8:40? Find a flick<http://tools.search.yahoo.com/shortcuts/?fr=oni_on_mail&#news>in no time with theYahoo! Search movie showtime shortcut.<http://tools.search.yahoo.com/shortcuts/?fr=oni_on_mail&#news>
