Reputation: 21591
I'm building a PHP-based web app and am integrating a Flash-based charting engine. The Flash chart needs to make an AJAX request for its data. This request fails because it is seen as a new user agent and doesn't contain the PHP session cookie to identify it. So, it gets redirected to the login page.
I've read a few hacks to make this work, including supplying the session ID on the querystring, but that opens up security holes. How can I get Flash and PHP to share cookie-based session state automatically and stay secure?
Upvotes: 3
Views: 6357
Reputation: 1152
You should be aware that transmitting a session ID in a Cookie: header, or in the argument field of the GET HTTP directive is of no different security.
Upvotes: 1
Reputation: 30035
You can try sending PHP two parameters: one session_id, and a second one that is a key that combines some information from the client (e.g. IP), encrypted with a key stored on the server. On the request from Flash, you check that the second parameter matches the client request. This way, if somebody tries to steal a session, they can't, because they will not match the second param.
Upvotes: -1
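The scheme from the answer above, sketched as an added example (not code from the original post). It swaps the suggested encryption for an HMAC and adds an expiry time; the key constant, function names and sample values are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Assumption: a server-side secret loaded from configuration, never sent to the client.
const CHART_TOKEN_KEY = 'replace-with-a-random-server-side-secret'; // constructed placeholder

/**
 * Build the second parameter: an expiry timestamp plus an HMAC over the
 * session ID, the client IP it is bound to, and that expiry.
 */
function issue_chart_token(string $sessionId, string $clientIp, int $ttl = 300, ?int $now = null): string
{
    $expires = ($now ?? time()) + $ttl;
    $mac = hash_hmac('sha256', $sessionId . '|' . $clientIp . '|' . $expires, CHART_TOKEN_KEY);
    return $expires . '.' . $mac;
}

/**
 * Check the token sent by the Flash request against the session ID it
 * arrived with and the IP the request actually came from.
 */
function verify_chart_token(string $token, string $sessionId, string $clientIp, ?int $now = null): bool
{
    $parts = explode('.', $token, 2);
    if (count($parts) !== 2 || !ctype_digit($parts[0])) {
        return false; // malformed token
    }
    [$expires, $mac] = $parts;
    if ((int) $expires < ($now ?? time())) {
        return false; // token has expired
    }
    $expected = hash_hmac('sha256', $sessionId . '|' . $clientIp . '|' . $expires, CHART_TOKEN_KEY);
    return hash_equals($expected, $mac); // constant-time comparison
}

// Constructed sample values (documentation IP ranges, made-up session ID).
$sid   = 'q1w2e3r4t5y6u7i8o9p0';
$token = issue_chart_token($sid, '203.0.113.10', 300, 1700000000);

var_dump(verify_chart_token($token, $sid, '203.0.113.10', 1700000100)); // same client, in time
var_dump(verify_chart_token($token, $sid, '198.51.100.7', 1700000100)); // same token, other IP
var_dump(verify_chart_token($token, $sid, '203.0.113.10', 1700000400)); // same client, too late
```

Binding to the client IP rejects legitimate users whose address changes between page load and the chart request (mobile networks, rotating proxies), so the short expiry does most of the work of limiting a leaked session ID.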
Reputation:
In IE it will work naively. In Firefox, the only way to achieve this is to POST the session ID into the Flash script (the PHP processor, that is), and have it restore the session from that.
Upvotes: 2
Reputation: 32315
If the session cookie is initiated early enough, then it should be OK. I've had a similar problem with cookies shared between JavaScript AJAX and Flash requests (if you want to call that AJAX too, go ahead :-) ), and we solved them by making sure the JavaScript finished the request that initiated the cookie early enough so that when the Flash sent the request, the browser already had the session cookie.
Also making sure the cookie path was set to "/" was a good idea.
That being said, if you can't get it to work - as dirkgently said - you can store the information in the HTML DOM using a JavaScript AJAX call, and then fetch it from the Flash object using an ExternalInterface call. But do make sure to set at least "allowScriptAccess=sameDomain" on your Flash object.
Upvotes: 1
Reputation: 111120
Use ExternalInterface to talk to the Flex chart. Some browser related information can be passed around via the LoaderContext and BrowserManager classes as well. Dig in a bit into the AS3 documentation.
Upvotes: 0