This content has been marked as final. Show 5 replies
Hmmm... why do you need to pass the sessionId to the Flex app? Your sessionId already resides in the browser and associated with this particular user. If user does any calls to server - server also knows this sesionId.
Of course, you can pass sessionId to the Flex app - simply do the call to server and in response wrap sessionId() into XML send it back to client. The problem here is that storing any secure data in Flex is a security threat. It is possible to break into the SWF change sessionId variable to something else. So it is always better to leave all sensitive data to be handled by browser/session on their own.
does that mean I can set and access session variables with actionscript? I have not been able to find any documentation on this. But if so that makes things a lot easier.
You can't set session variables directly from the client side - sessions are maintained by server, so only server is able to set session variables. Client should send a request to server to do something.
To access variables in AS server should send them wrapped into XML to the client.
private function fGetVars():void
httpService.url = './getVars.php';
private function fVarsReceived(event:ResultEvent):void
var sessionId:String = new String(httpService.lastResult.response.sessionId);
//... check that session is valid
echo '<?xml version="1.0" encoding="UTF-8"?>';
echo '<response sessionId="'.session_id().'"/>";
There is only one problem with that - this approach is just unprofessional as it compromises the whole idea of sessions and security.
To read more about session vulnerabilities check this out:
OK, well what would be the best way to manage users with FLEX? maybe it would help to explain what I want to do.
I will have anywhere from 3 to 100 users viewing a video and chatting about what they are seeing while the video runs. Pretty simple. All I want to do is associate the username with that user comments on the chat (just like any chat works)
What is the best way to accomplish this with FLEX?
Username is fine. You even don't have to bounce user details back from server, as your application already knows the username entered - simply store it into the variable.