9 Replies Latest reply on May 7, 2010 5:40 PM by ryanstewartadobe

    Why HTML login? Is Flex not good enough?

    david.t.lanton Level 1

      I've been doing some reading on how a flex login system differs from a pure php login system, and came across an article by Adobe's very own Ryan Stewart where he says:

      The fewer Flex/Flash login forms there are the better

       

      Really?

       

      The article suggests that instead of implementing login  authentication in flex, we should direct the user to a separate html page  then direct back to flex. Neeless to say, I think this is the lamest ***  suggestion ever. I'm building a 100% flex app, and came to flex  precisely because it lets me not worry about maintaining a million  different php files on the server.

       

      Also, having a separate html login within my flex setup totally breaks my experience. We need our flex apps to gracefully change from state to state all within the app itself and this can't happen with adding html pages in the middle. If I'm going to have to mix html login pages with a flex app, I might as well go back to pure php and forget alltogether about Adobe products.

       

      You can read his whole article here:

       

      http://blog.digitalbackcountry.com/2010/01/flex-and-php-authentication-with-an-html-login- page/

       

      So my message to Adobe and especially the FB4 team: Instead of writing articles like this, how about you give us some decent tutorials on how to implement authentication with sessions in Flash Builder 4 and the new Data/Services? Until I figure out how to do this correctly, not a single Adobe-based app is going to meet the world from my computer. I've been reading around and this seems to be a major source of confusion among new flex developers. Forget about the "Evangelism Kit" that's supposed to help us promote flex to our clients. Until you help me do something as important as authentication, none of my clients is getting flex or adobe-based apps.

        • 1. Re: Why HTML login? Is Flex not good enough?
          -BoNzO- Level 2

          It's only Ryan's view. I think flex logins are perfectly fine, whether they are included in your main application or are a standalone application thrown at you when the server does not know you. I agree with you the user experience is way better that way.

          • 2. Re: Why HTML login? Is Flex not good enough?
            jsd99 Level 3

            Ryan's arguments make sense to me (browser auto-complete, cookie management where users expect it).

             

            If it doesn't work for you, don't do it.

            • 3. Re: Why HTML login? Is Flex not good enough?
              David_F57 Level 5

              hi,

               

              I'm not sure why you are upset about this article, it presents a view that under certain circumstances is preferred for some applications, especially when the client doesn't want unauthorised access to the application. I am aware of 2 banks a telco and a few insurance companies that specifically don't want ria's bypassing the existing corporate authentification methodology.

               

              You don't win clients by forcing upon them your personal preferences, the beauty of flex is we can offer the client any combination they want.

               

              The first question I ask clients that require authentication is whether they want it integrated or will they take care of it. When it comes to corporate/enterprise solutions its more common for applications/applets to be presented after login. As far as 'sessions' well if you are still stuck in the 90's go for it, Flex is not stateless it doesn't require the antiquated notion of maintaining state through 'sessions'.

               

              David.

              • 4. Re: Why HTML login? Is Flex not good enough?
                SpaghettiCoder Level 3

                HTML5 lover?

                 

                flash/flex hater?

                 

                No Adobe-Based app? so no illustrator, photoshop, dreamweaver in a design shop? good luck with that.

                • 5. Re: Why HTML login? Is Flex not good enough?
                  david.t.lanton Level 1

                  To clarify, I'm not uspet and I'm definitely not upset at Ryan himself. It's about the lack of good comprehensive tutorials on something that should be covered in depth. The only tutorial I could find that got close enough was from  Mihai Corlan, but even that is a little outdated and needs lots of  ironing.

                   

                  As far as 'sessions' well if you are still stuck in the 90's go for it, Flex is not stateless it doesn't require the antiquated notion of maintaining state through 'sessions'.

                  David, Are you kidding. Sessions are the defacto standard for user authentication. You can even spot them in the first line of Ryan's own example.

                  session_start();
                  $_SESSION['logged_in'] = false;
                  $_SESSION['username'] = ""

                   

                  The point isn't about whether I love or hate flex. We love whatever technology benefits our bottom line. The point is about a feedback message to Adobe. They asked what to include in the "Evangelism Kit" and we gave them feedback, and as developers using the technology, we should give feedback whenever needed. A better way to push flex than the evangelism kit is to provide this topic in more detail. Everywhere I go there are unanswered questions on this topic. Since it's all about my bottom line, it takes me a lot less time to implement the whole thing in PHP and my clients wouldn't mind it either way.

                  • 6. Re: Why HTML login? Is Flex not good enough?
                    oldMster Level 3

                    We do our own authentication between Flex and the back end database system. It isn't terribly difficult, but there is no reasonable way for a generic front end to satisfy all the possible authentication mechanisms a backend system might require. So, you will pretty much have to 'roll your own', based on the requirements the back end imposes.

                    Mark

                    • 7. Re: Why HTML login? Is Flex not good enough?
                      oldMster Level 3

                      Well, I have to agree that traditional sessions are unnecessary with Flex.  Since you have a 'stateful' client, they are not technically necessary.  With PHP, most of the 'heavy lifting' is done on the server side, and a way to keep track of the 'state' of the client is needed.  However, I do find it useful to simulate a session identifier, after  the authentication process, so that full authentication isn't required with every request.  This also reduces the authentication information exposure, since it is only exchanged during the initial exchange.

                      I don't use this to keep track of the client 'state' on the server, only to verify the request is from a previously authenticated client.  The server is truly stateless, any information needed for the server to supply the correct information is included with the request from the Flex client.

                      Mark

                      • 8. Re: Why HTML login? Is Flex not good enough?
                        david.t.lanton Level 1

                        Mark, Sessions are a server side thing. Nobody cares about the client now. Flex has its own internal states, so that can't be the question.

                        • 9. Re: Why HTML login? Is Flex not good enough?
                          ryanstewartadobe Adobe Employee

                          Hey David, great suggestion. And I agree, after looking, we need to do a better job of talking about how to do that in a traditional Flex application.

                           

                          My article was meant as an FYI, and while I do believe that the fewer Flex/Flash login pages there are, the better (for purely selfish UX reasons, not security), it definitely looks like we should do a better job of talking about authentication and logging in with Flex/Flash.

                           

                          So thanks for the suggestion. And for driving forum traffic to my blog

                           

                          =Ryan

                          ryan@adobe.com