5 Replies Latest reply on Jun 10, 2008 7:17 PM by Mitek17

    passing PHP session variable to FLEX app

    matchestheclown Level 1
      Does anyone know how to pass a PHP session variale to a FLEX app? Basicall I want users to log in and track them through the app by session variable.

      Thanks for any help
        • 1. Re: passing PHP session variable to FLEX app
          Mitek17 Level 1
          Hmmm... why do you need to pass the sessionId to the Flex app? Your sessionId already resides in the browser and associated with this particular user. If user does any calls to server - server also knows this sesionId.

          Of course, you can pass sessionId to the Flex app - simply do the call to server and in response wrap sessionId() into XML send it back to client. The problem here is that storing any secure data in Flex is a security threat. It is possible to break into the SWF change sessionId variable to something else. So it is always better to leave all sensitive data to be handled by browser/session on their own.

          Cheers,
          Dmitri.
          • 2. passing PHP session variable to FLEX app
            matchestheclown Level 1
            does that mean I can set and access session variables with actionscript? I have not been able to find any documentation on this. But if so that makes things a lot easier.
            • 3. Re: passing PHP session variable to FLEX app
              Mitek17 Level 1
              You can't set session variables directly from the client side - sessions are maintained by server, so only server is able to set session variables. Client should send a request to server to do something.

              To access variables in AS server should send them wrapped into XML to the client.

              E.g.

              private function fGetVars():void
              {
              httpService.url = './getVars.php';
              httpService.addEventListener("result", fVarsReceived);
              httpService.send();
              }

              private function fVarsReceived(event:ResultEvent):void
              {
              var sessionId:String = new String(httpService.lastResult.response.sessionId);

              }

              ===================================
              getVars.php
              ================
              start_session();
              //... check that session is valid
              echo '<?xml version="1.0" encoding="UTF-8"?>';
              echo '<response sessionId="'.session_id().'"/>";


              There is only one problem with that - this approach is just unprofessional as it compromises the whole idea of sessions and security.
              To read more about session vulnerabilities check this out:
              http://en.wikipedia.org/wiki/Session_fixation
              http://www.acros.si/papers/session_fixation.pdf

              Cheers,
              Dmitri.
              • 4. Re: passing PHP session variable to FLEX app
                matchestheclown Level 1
                OK, well what would be the best way to manage users with FLEX? maybe it would help to explain what I want to do.

                I will have anywhere from 3 to 100 users viewing a video and chatting about what they are seeing while the video runs. Pretty simple. All I want to do is associate the username with that user comments on the chat (just like any chat works)

                What is the best way to accomplish this with FLEX?
                • 5. Re: passing PHP session variable to FLEX app
                  Mitek17 Level 1
                  Username is fine. You even don't have to bounce user details back from server, as your application already knows the username entered - simply store it into the variable.