Almost everything is in the title :
Here’s what I’d like to do :
- A nice html page with a php authentication process (http first then https & so on)
- Launch a flex app which knows (I don’t know how (this is the actual question !)) the user has already been authenticated and display his/her stuff he/she has to do for the day (or whatever…).
Of course if someone try to call directly the flex app I would display an “authentication error” message and then redirect to the authentication page.
I’m sorry for my English which is perfectible.
I was thinking about the session cookie : first authenticate then ass a variable on the server side, something like :
$_SESSION['authenticate']=true
Then, on the flex side, just send the cookie and ask if the user is properly authenticated, something like calling a php web page like :
https://is_authenticated.php?php_session=xxxx
Thank you
Olivier
What are you using on the server side? Remember that you shouldn’t do anything in the flex application other then send the SESSION ID along with any requests. Any time where the client checks security, you have a bug. The server must validate the session and determine if the request is allowed.
It sounded in your last comment that you are worried about people manually calling a web page. Each page must check to see if the user is authenticated. I don’t know your specific application, but you may try looking at AMFPHP and see how they do session authentication. Good luck!