4 Replies Latest reply on Aug 19, 2008 11:45 AM by ac361

    Flex session management

    ac361 Level 1
      Hi. I've got an app that will require users to log in. How can the Flex part manage the JSP session? Any tutorials on this will be appreciated. Thanks.
        • 1. Re: Flex session management
          ntsiii Level 3
          Send the sessionID to Flex on startup using flashvars, and include it in any data service calls?

          "manage" is a very broad term.

          Tracy
          • 2. Re: Flex session management
            ac361 Level 1
            Sorry. By manage, I mean: How do you detect that a user has logged on? If your SWF file is within a JSP app, and you use Basic authentication (the little browser popup), I'm assuming that if someone tries to connect directly to the SWF file, they'll get the popup.

            Found this article related to what I'm talking about: http://livedocs.adobe.com/flex/3/html/help.html?content=security2_07.html

            If the user isn't logged on, they can't access the resource (SWF) and if their session ends and they submit something to the server, it will ask for them to log on again. I think :-)
            • 3. Re: Flex session management
              JimBrychka
              quote:

              Originally posted by: ntsiii
              Send the sessionID to Flex on startup using flashvars, and include it in any data service calls?

              "manage" is a very broad term.

              Tracy


              Interesting, I have never used the sessionID when calling data services. Should I be and why?
              • 4. Re: Flex session management
                ac361 Level 1
                If you read this article and have your SWF file within your app, you shouldn't have to worry about the SessionID directly; your Java app will take care of that: http://livedocs.adobe.com/flex/3/html/help.html?content=security2_07.html

                From what I understand, if you use Basic or Forms authentication, if the user submits something to your JSP pages when s/he isn't logged on or the session has expired, the user will be redirected to the login page or see the popup login box in the browser (Basic auth.).

                Of course, if you track the SessionID in your Flex app, you could display a message to the user that his/her session is about to expire. This isn't something I'm going to worry about at this point; as long as unauthenticated users are kept out of the app, that's all I want.