9 Replies Latest reply on Jun 21, 2006 3:41 AM by TKJames

    Can flex application will support the session objects

    Gokulanand
      Hi,

      I created my own flex application, i have not used any jsp over there and i want to create session and maintain in that only .

      Will that be possible in flex application without using jsp.

      Thanks in Advance.
        • 1. Re: Can flex application will support the session objects
          JamesDad Level 1
          Why not use SharedObjects?
          • 2. Re: Can flex application will support the session objects
            ntsiii Level 3
            Yes, often when people want to use a server session, it is because they have not fully embraced the Flex paradigm.

            Sure, some very advanced application architectures could reasonably require using a server session.

            But for many apps servr session is not needed. The common use of a server session is to maintain "state" for a particular user between calls from an html page. Since html is "stateless", when you want to store data from one call to the next, you have to store it on the server, and access it later using the session. In Flex, the client application itself keeps the state, and NEVER needs to refresh the ui by calling an url. The only calls to the server are for data. (BTW, 'AJAX' is another approach to keeping state on the client ).

            Shared Objects take this a step further, by retaining data between client Flex app starts and stops. They are kind of like "cookies", but can store much more data.

            So be sure you really need server-side sessions. If you still do, there are ways to access it, but it requires a server-side application, like JSP, of course.

            Tracy
            • 3. Re: Can flex application will support the session objects
              Gokulanand Level 1
              hi,

              Thank u guy's

              now i had new prob with tomcat server

              i am adding the mxml tags in exciting jsp file

              i declared <%@ taglib uri="FlexTagLib" prefix="mm" %> at the starting

              and in WEB-INF also mentioned and flex bootstrab .jar also added enenthugh i am getting the error

              org.apache.jasper.JasperException: File "/FlexTagLib" not found

              can anybody help me

              thanks in advance
              • 4. Re: Can flex application will support the session objects
                TKJames
                Hi.

                I am one of the newbies trying to get the flex approach into my head. I see this is an old thread, but relavant to me so I'll reply here.

                If the users data is stored on the client, then is it accessible to the user directly? Is the repository encrypted?

                The reason I ask is that even a minor app you would have a differentiation of user roles - some with more power than others. Assuming that there is one version of the app, then it must present a different UI users holding each role...in which case if the user can access the role key offline then restart the app it is a bad thing.

                J.

                • 5. Re: Can flex application will support the session objects
                  TKJames Level 1
                  Hi.

                  I am one of the newbies trying to get the flex approach into my head. I see this is an old thread, but relavant to me so I'll reply here.

                  If the users data is stored on the client, then is it accessible to the user directly? Is the repository encrypted?

                  The reason I ask is that even a minor app you would have a differentiation of user roles - some with more power than others. Assuming that there is one version of the app, then it must present a different UI users holding each role...in which case if the user can access the role key offline then restart the app it is a bad thing.

                  J.

                  • 6. Re: Can flex application will support the session objects
                    ntsiii Level 3
                    It is not that "user data is stored on the client", it is that "state" CAN be stored/retained on the client. Nothig is automatically stored on the client, you must programmatically cause it to happen. Instead of having the server assign a session id, then pass it to the client, who pases it back to the server on the next refresh, you could simply keep the necessary database identity key on the client in a MEMORY variable. You do not need to save it to a local respository(called a Local Shared Object) although you can if you want. The Local Shared Object is not encrypted.

                    If the database identity keys are stored in the player in memory, when a user does refresh, that info will be lost and not available to someone else on the machine. That new person would have to log on again, to get whatever rolses they were entitled.

                    Do you follow?

                    Tracy
                    • 7. Re: Can flex application will support the session objects
                      TKJames Level 1
                      Tracy,

                      Thanks for the response.

                      Thinking about it, the memory variable is no worse than the session stored in cookies in ASP, or in the page by HTML session management approaches, although one would expect that someone with a memory viewing tool might be able to get and set the memory information.

                      So, is there any built-in function to encrypt critical memory-resident data?

                      Also, does Flex introduce any security-specific enhancements over web-browsers? This could vitally important in terms of the scope of applications that could benefit from Flex.

                      J.

                      • 8. Re: Can flex application will support the session objects
                        ntsiii Level 3
                        No, there is no built in functionality for encryption.

                        Flex runs within the Flash Player, which has very strict security restrictions. Of course, the security is focused on preventing malicious code in the player itself from accessing a client's resources. It is not focused on protecting the Flash Player from an attack from a client.

                        Tracy
                        • 9. Re: Can flex application will support the session objects
                          TKJames Level 1
                          Tracy

                          Thanks for the prompt and useful response. I have some other questions on app serving but I'll open a new topic for those.

                          J.