Comments on: Flex and Flash RIA’s, Authentication, Sessions, Scalability

By: nkhili

nkhili — Tue, 20 Apr 2010 21:25:51 +0000

bonjour,
est ce que vous pouvez m’indiquer comment programer le cas connexion et deconnexion via un application crée avec flex+blazeds+hibernat+mysql

By: Vitaliy

Vitaliy — Wed, 14 Apr 2010 19:20:09 +0000

Well, it all sounds good in theory, but why would I want to reinvent the wheel with passing a token when JSESSIONID is already supported by all web servers? I think that session management on web/application server should suffice if we are talking about RIA.
With database generated tokens you are opening a can of worms. For instance, you now need to maintain session expiration policies yourself. The other thing is - do you propose to leave all service points on the webserver unprotected?

By: flexbee

flexbee — Mon, 01 Feb 2010 16:54:43 +0000

I guess, its a big performance hit not just becauz of the DB calls involved but also with the SSL for every request. There must be a better wrapper..!

By: Camille

Camille — Mon, 11 Jan 2010 21:26:28 +0000

Hi,

I’ve been searching for a good Login/Authentication outline using Flex and CF for a while, and yours is the best.

Could you please send some examples and/or a zip file.

Thanks.

By: Harshil

Harshil — Fri, 11 Dec 2009 03:05:41 +0000

Great Post.
I also have a requirement for role-based type requests. How would server make sure of the rights associated to that user?

The solution maybe to store both the key and Permission level associated with the user credentials. So all subsequent requests from the Flex Client app pass the key to the server, and server does 1) verfies the key 2) verifies the permission level to have access for the requested service.

Comments appreciated.

By: Eric

Eric — Sat, 14 Nov 2009 17:19:48 +0000

Didn’t think of that sulotion. Thanks!

By: Nash

Nash — Tue, 10 Nov 2009 10:17:04 +0000

Seems this approach will solve the session problem for flex ria application.

But at downside every request need to checked against database and database calls are always going to impact application response time and in case you have used encrpted key than it may take more time to get compared.

Probably, this solution will solve the problem but from performance point of view it needs some improvements.

My two cent thougts.

By: Derek Adams

Derek Adams — Wed, 07 Oct 2009 21:15:27 +0000

This is great if the flex app works within it self 100% of the time. Actually, the app my company has made uses this idea exactly.

But what if the user logs in to a web page, and then clicks a link to launch the flex app in the browser? How can the browser access the login information that the user has already entered? I’ve tried to store the values in a cookie just to pull them down into the flex app, but IE (really, a problem with IE?) recently added a restriction on cross domain cookies. This presents my problem.

Suggestions?

thanks :]

By: ashil

ashil — Sun, 04 Oct 2009 19:52:23 +0000

This is a very interresting problem. Your solution sounds fine, but is not detailed at all. How about role-base requests to the server? A user has, say, administrator priviledges. He sends requests with a valid key, but how the server knows about his rights? Maybe a type of key/role? I look forward to hearing more from you about this topic. I’m currently facing the same choices, and I didn’t find a lot of resources about it on the Net.

Cheers

By: abdul rahman

abdul rahman — Wed, 22 Jul 2009 09:18:54 +0000

Hi,
The solution provided was really good. Adding to Latesh, any solution to the above problem along with some code snippet would be welcomed and appreciated.
Thanks