4 Replies Latest reply on Feb 4, 2009 11:11 AM by levancho

    save variables

    jfb00 Level 3
      Hi All,
      I have a login form in my site, now what is the best way to do a remember check button.
      How can I do that? Where can I store the username and password for the next session of the user.
      Thanks

      JFB
        • 1. Re: save variables
          matthew horn Level 3
          You probably want to use local shared objects (which are similar to cookies, but for the Flash Player). There is more info here:

          http://livedocs.adobe.com/flex/3/html/lsos_2.html

          Be aware, though, that it's never recommended to store an actual password in an LSO or a cookie. Instead, use a session ID or something similar that can be used to lookup a user.

          matt horn
          flex docs
          • 2. Re: save variables
            levancho Level 3
            actually you should encrypt the whole cookie/shared obj / with username and password in it etc ... and then its ok to store it on client side and actually is better than session ID way. unencrypted session ID can still be hijacked.
            • 3. Re: save variables
              jfb00 Level 3
              Thanks for the quick reply!
              encrypt sound good, how can I do that?
              Any links or samples to check this functionality?
              Rgds

              JFB
              • 4. Re: save variables
                levancho Level 3
                one way is : you can use for example "Blowfish/ECB/PKCS5Padding" algorythm create some randome String as the key to it , that only your server knows, and then you can safely ecrypt --> store --. retreive --> decrypt all on server side, and autologin user as well
                even if someone stopes that entry from client machine they will not be able to decrypt it without the key string.