Maintain Session State With Flex Upload To CF

Posted By : todd sharp Posted At : December 1, 2008 9:05 AM Posted In: Flex, ActionScript

6

I've started to dabble a bit in Flex/ActionScript lately, so I'm starting to pay attention to some more Flex/AS related posts via the aggregators. This morning a post to the Flex cookbook titled Why is session info (cookies) not sent when uploading files in Firefox caught my eye since I struggled with this issue a bit recently. The article explains why session state is not maintained when using FileReference.upload(), but it doesn't explain how to workaround the issue.

To workaround the issue when uploading to a ColdFusion server, the tactic that I have come up with is to pass the jsessionid into my Flex application (via Flash vars) and then pass the jsessionid along with my file upload by appending it to the target url. I'm not 100% sure this is the best solution (feel free to comment with other ideas or suggestions), but it serves the purpose of maintaining session state which allows me to do things like ensure that a valid, logged in user is performing the upload.

3621 Views Send Print Comments (6)

Comments (6)

Subscribe to Comments Add Comment

Raul Riera's Gravatar Can you provide the flash var example, I have tried this with a flex uploader of mine with no luck.. I have to bypass security on the application.cfc for that request (nuts, but is the only workaround for me so far) passing the tokens didnt work for me (I am using the CFLOGIN and not a custom session login tracker)

Posted by: Raul Riera on: 12/1/08 10:33 AM

jason olmsted's Gravatar Ben Forta has a blog entry discussing <a href="http://www.forta.com/blog/index.cfm/2007/11/15/Fle... Flex to the CF Session</a> and I recently blogged on <a href="http://blog.shortfusion.com/index.cfm/2008/11/21/F... to keep a Flex app synched to a CF session</a>,
however, for file uploads through Flex (which I have done in the context of an ordering process), I typically deliver the file with additional form variables that specify what ought to happen; in my case it is an orderid.

You have a couple of competing issues here - connecting to your session state and security. Depending on what you need to happen, you might consider having your Flex ask for the upload destination and whatever else is needed from the CF side as an encrypted string and then deliver that string with the file ... that way your Flex pathway doesn't come back to haunt you (encryption & decryption remain server side so you shouldn't run into problems).

Posted by: jason olmsted on: 12/1/08 11:14 AM

TJ Downes's Gravatar Or you could forego the use of sessions altogether. CF developers seem to have a woody for sessions. In reality, Flash apps are a stateful environment and maintaining state with the server is not necessary if you architect your applications properly :D

Posted by: TJ Downes on: 12/1/08 11:42 AM

Raul Riera's Gravatar @TJ that would work for full flex apps, in my case its hibrid so I log in via HTML (cfml of course), and only the uploader is on flex...

Posted by: Raul Riera on: 12/1/08 2:41 PM

TJ Downes's Gravatar Joe Rhinehart and I actually had a quick discussion on this subject this morning. I was rather impressed with his method, it seems to be the best by far that I've seen if you need to use sessions to maintain state and provide a security mechanism in a full-fledged Flash app
http://www.firemoss.com/post.cfm/Flex-Security-Ses...

Posted by: TJ Downes on: 12/1/08 7:24 PM

johans's Gravatar I use the same approach and it works fine - see comment on Dan Vega's blog about it:

http://www.danvega.org/blog/index.cfm/2008/7/31/Co...

The other thing I do is run a ping timer in my Flex/Air app that keeps the session alive on the server.

Posted by: johans on: 12/1/08 10:30 PM
Add Comment

  • Calendar

    << September 2010 >>
    Sun Mon Tue Wed Thu Fri Sat
       1234
    5 6 7 8 9 10 11
    12 13 14 15 16 17 18
    19 20 21 22 23 24 25
    26 27 28 29 30   

  • Subscribe

    • Enter your email address to subscribe to this blog.