Flex Security

From BriansWiki

Jump to: navigation, search

Here's the scenario: We want to use a Flex app on our intranet which uses a Coldfusion component to validate a user and set a "login" variable in their session scope. Then on every request we check for the login key in the session, and if we don't find it we redirect the user to the login page. The trouble is how do we handle a request to (and ideally from) a Flex application?

This may be an easy way out, but what I did was simply embed the Flash file into the application's index.cfm and created an Application.cfc that handles the usual Request handling routines. This works fine for starting the application, but if the user bypasses the Index and loads the swf directly, they can't access any data (since the backend cfc will go through the usual security check and fail) and the user will be clueless as to why the app is broken. What we really want is to give them a redirect to the login page.

Ideally I would like to get the swf to be able to check the login status of the user, but that would mean that it needs access to the session scope, which since flex is client side is impossible or we need to implement a Login Service, but then that would create another session and require a user to login again.

If anyone has any ideas on how to handle this better, please let me know.

Retrieved from "http://briancaufield.com/index.php?title=Flex_Security"
Personal tools