I don't know if flex has some session management abilities, I'd also like to know if someone more experienced knows about this.
Anyhow, you can implement the session management on the server side. For Java EE apps, look at HttpSesssion API or search some Java EE book/tutorial for Session management. There are plenty of examples and it's quite simple.
If your using the built-in session management in Java EE, you don't need to send username/password with each request. The session ID is stored as a cookie, which is automatically sent by the flex client (if cookies are enabled in your browser.)
I am using php as a backend but the process is similar. What I did was to create a php script that takes care the login process. Its output is in XML so I can easily parse it in my app.
Everytime my app is started I make a call to the logout function, because the session remains in the backend, or you can make a function in your Flex app to check if a session exists.
Basically, try to manage all the session management in the backend. If the information you provide in the flex app are not dynamic then you can have a security problem. Ther reason is that I can decompile and set my login information as true.
If something was not clear, notify me and I will try to clarify it.
i am making a web application using PHP and flex. what i want in my application is that, there has to be a login form. after login the user is given access to some more pages other than the regular pages. the whole page is in flex/flash. how can i manage this authorization on the same page? or is there any other way of accomplishing the task.. please help/\...
Put a status variable in the ModelLocator class(If you are using any Model class where your data can be accessed globally through out the application).
Once the user is authenticated and logged in successfuly update the status of the variable and you can authorize based on this status variable whether
the user is authorized to see the pages or not...
But i am again in some confusion, as i am new to flex coding. i am not using any such class that u named.
I have one doubt...
i have made 2 different mxml application pages. say page "one" and page "two".. both have different contents...
i have a login form on "one" .the login part is working fine... I want that if the user successfully logins into the system then only he'll be successfully redirected to the page "two". The redirection is also working. if someone directly accesses the page "two" how can i keep track that the page is being loaded after successful login & redirection. i am strangling around the SESSION and COOKIE things but nothing is working. Please guide about what is the correct way to perform the task.
Basically what i did was to send the session name/value pair back and forth from my flex app to my php script every time a request is send. The session details were stored in a shared object and sent as Request Parameter every time a request needed to be sent I was trying to mimic a typical html/Browser - Php scenario and it worked for me. PHP doesnt care who or what the client is(Session-wise) as long as you give it "phpsessid=3e3e33543eaa44a44" in every request.
I hope this helps and work for you too.
PS...Try using Application States instead of creating separate mxml files...Its alot easier
Thanks a lot. being a newbie i was unaware of what state means. its very easy to manage this way. Instead of making separate mxml's. Thankyou all for your support..
I have another problem, when I connected php and flex, I set a session at PHP, but when I use echo, the session is NULL and don't display anything. can u help me please