Hi Barry
Luckily it's all pretty automatic. Your flex/flash application will save and use any cookies that your browser or requests give it. Examples Browser-based http://www.beauscott.com/examples/FlexSessionExamples/ Stand-alone http://www.beauscott.com/examples/FlexSessionExamples/Test.swf (Save the latter to your hard disc and run it in the stand alone flash player, not the browser) You'll notice in the first example that the session id's match in both the containing HTML page and the flex application. If you clear your session cookies and press the button without refreshing the page, you'll get a new session id. When you refresh the page, the browser will show the new session id that you retrieved from via flex. This shows that your browser and flex share the same cookies / session for the domain. In the second example, every subsequent request displays the same session id, this is showing that the session cookie that the domain supplies is stored and used by flash itself. FYI, what's going on in the background of the flex app is that when the app is loaded, it sends off an HTTPService request to http://www.beauscott.com/examples/FlexSessionExamples/session.php to retrieve the session id, and then simply displays it. If you look at the source code, you'll see that I don't set any flashvars related to sessions or anything. Beau From: [email protected] [mailto:[EMAIL PROTECTED] On Behalf Of Barry Beattie Sent: Monday, November 19, 2007 3:33 PM To: [email protected] Subject: Re: [flexcomponents] Session variables this is really getting off the topic of Flex Componentry, but this conversation, inc Beau Scott's comments are (IMHO) extremely valuable. this is the part that I'm stuck on: "However, if your Flex application is just a face to a web application and you need access to the session variables for certain display issues, then make a service request to retrieve what you need into your application." especially this bit: "You really shouldn't be sending session information up and down from the server (except maybe a session identifier) as this opens the gate for someone to hijack the service request and alter values that could have unpredictable effects on your application." If the user has been authenticated previously (HTML pages), how do you then get Flex to 1) keep the session alive on the server? 2) ensure the Flash Remoting requests are coming from a specific authenticated user? thanx barry.b On Nov 20, 2007 7:47 AM, Beau Scott <[EMAIL PROTECTED] <mailto:beau.scott%40gmail.com> > wrote: > > > > > > > Just a bit of advice regarding storing session information on the client > (flex) application: it is not secure. This really gets down into MVC dogma > (and second MVC layer that Flex introduces) and asks the question: Where are > you doing your heavy lifting? > > If you're doing most of your computation in your flex application, then > sure... use application variables inside your application or SharedObjects. > > However, if your Flex application is just a face to a web application and > you need access to the session variables for certain display issues, then > make a service request to retrieve what you need into your application. You > really shouldn't be sending session information up and down from the server > (except maybe a session identifier) as this opens the gate for someone to > hijack the service request and alter values that could have unpredictable > effects on your application. > > Beau > > > > > On Nov 19, 2007 11:51 AM, Jeffry Houser <[EMAIL PROTECTED] <mailto:jeff%40farcryfly.com> > wrote: > > > > > > > > > > > > > > > > In the ColdFusion world, session variables are used to get around the > > stateless of a browser. Cookies are passed back and forth between each > > page request, which the server ties into "in memory" variables. > > > > From what I understand, in the .NET world the concept is very similar, > > except that .NET stores session variables in a database, not in memory. > > ( I could be completely wrong ). > > > > In a Flex application, you aren't performing multiple page requests in > > the same vein that you would when serving dynamically generated HTML, > > and therefore don't need session variables. > > > > Store your "session" state as part of the Flex application, not on the > > remote server. > > > > > > honoraryvato wrote: > > > > > > > > > I did some research on session variables with Flex. The only options > > > that I can see is to either have the .NET page that the SWF is on to > > > check if there is already a session variable or not and then use > > > something like FlashVars to load it in. Another option is to have Flex > > > itself call out to a page that then checks the session. Are these the > > > only two options? As there a nicer way for Flex to read/write session > > > variables? > > > > > > > -- > > Jeffry Houser, Technical Entrepreneur, Software Developer, Author, > > Recording Engineer > > AIM: Reboog711 | Phone: 1-203-379-0773 > > -- > > My Company: <http://www.dot-com-it.com> > > My Podcast: <http://www.theflexshow.com> > > My Blog: <http://www.jeffryhouser.com> > > > > > > > > -- > Beau D. Scott > Software Engineer >
<<image001.jpg>>
<<image002.jpg>>
