Thursday, February 22, 2007

Writing a session variable or cookie from Flex

One limitation of Flex is that you're not able to create session variables or cookies using actionscript. Flex and Flash do have their own cookie substitute, Local Shared Objects, however LSOs can only be used within the Flex app that created them and they definitely can't be read by the browser itself.

But let's say you have a situation where you have a user login in your Flex app and you want that login to carry over to other pages on your site. The website already contains it's own login which creates a session variable or cookie to determine whether the user has been logged in. What you want to do is create that same variable when the user logs into your Flex app so that when they browse to other pages in your site they stay logged in.

This can be solved pretty easily using a hidden frame on the same page as your Flex app. Just add a simple iframe tag to your page:

<iframe name="loginHide" frameborder="0" width="700" scrolling="no" height="0"></iframe>

Then create a page that accepts login info in the query string and uses that info to create the session or cookie (the same as your login page). When the user logs in to your Flex app, send the login info to the page you created and target the hidden iframe:

getURL("loginHidden.aspx?userName="+userName+"&password="+password, "loginHide");

Voila! The variable is created. Of course, this is only one way to do it. If your Flex app exists in a popup window, you could just use javascript in your getURL function to refresh the popup's parent page, sending it the login info in the query string the same way. Or you could even send the login info to any page (target="_blank"), if you don't mind a new web browser window opening when the user logs into your flex app. The hidden frame gets around this problem though.

5 comments:

United Local Bands said...

What if your flex app loads on a page that is already "logged in"

I'm trying to use a multi-file upload flex2 app by Ryan Favro that allows user to upload many pictures at one time.

A user will login, then they can browse the the picture uploader.

When the picture uploader is initialized it creates it own new session variables.

How do I get the flex 2 app to use the current session variables created when the user logged?

This is a problem because I cant tell who is uploading what.

Oddly enough this is only a problem in Firefox, Opera, and Safari..

It work perfect in IE 6, & 7

Oh, I'm using coldfusion for my server side script,


Thanks a Bunch James C

jmszone said...

This is a nice trick but it results in a major security whole in your app. In general, you shouldn't pass sensitive data through a query string or GET method. You can try to use ajax to set the cookie instead. I'm working on this type of technique so I will post the code if/when I get it to work.

JMSZone.com

Aaron Bernard said...

Hopefully this isn't beating an old dead horse, but do you have a code snippet for you you would do the following: "If your Flex app exists in a popup window, you could just use javascript in your getURL function to refresh the popup's parent page, sending it the login info in the query string the same way."

I have an ASP page that has a popup with an embedded Flex Map. The user selects their location, and i'm trying to get the Lat/Lon passed back to the ASP parent page through a query string.

Thanks!

Unknown said...

Here is my problem. A user logs in to a website, then clicks a link to take them to my flex 3 app. I previously had the website create a cookie with the login credentials, but recently IE has locked down cross domain cookies. In other words, I can't access those cookies anymore. How can I access the browser's session variables to auto log the user into my app?

jmszone said...

See this...

http://www.codeexchange.org/show_code.php?id=45&type=source_code&language=Flex

Hopefully it will offer a solution!