Can flex application will support the session objects

[Gokulanand]

Hi,

I created my own flex application, i have not used any jsp over there and i
want to create session and maintain in that only .

Will that be possible in flex application without using jsp.

Thanks in Advance.

[ntsiii]

Yes, often when people want to use a server session, it is because they have
not fully embraced the Flex paradigm.

Sure, some very advanced application architectures could reasonably require
using a server session.

But for many apps servr session is not needed. The common use of a server
session is to maintain "state" for a particular user between calls from an html
page. Since html is "stateless", when you want to store data from one call to
the next, you have to store it on the server, and access it later using the
session. In Flex, the client application itself keeps the state, and NEVER
needs to refresh the ui by calling an url. The only calls to the server are
for data. (BTW, 'AJAX' is another approach to keeping state on the client ).

Shared Objects take this a step further, by retaining data between client Flex
app starts and stops. They are kind of like "cookies", but can store much more
data.

So be sure you really need server-side sessions. If you still do, there are
ways to access it, but it requires a server-side application, like JSP, of
course.

Tracy

[Gokulanand]

hi,

Thank u guy's

now i had new prob with tomcat server

i am adding the mxml tags in exciting jsp file

i declared <%@ taglib uri="FlexTagLib" prefix="mm" %> at the starting

and in WEB-INF also mentioned and flex bootstrab .jar also added enenthugh i
am getting the error

org.apache.jasper.JasperException: File "/FlexTagLib" not found

can anybody help me

thanks in advance

[TKJames]

Hi.

I am one of the newbies trying to get the flex approach into my head. I see
this is an old thread, but relavant to me so I'll reply here.

If the users data is stored on the client, then is it accessible to the user
directly? Is the repository encrypted?

The reason I ask is that even a minor app you would have a differentiation of
user roles - some with more power than others. Assuming that there is one
version of the app, then it must present a different UI users holding each
role...in which case if the user can access the role key offline then restart
the app it is a bad thing.

J.

[TKJames]

Hi.

I am one of the newbies trying to get the flex approach into my head. I see
this is an old thread, but relavant to me so I'll reply here.

If the users data is stored on the client, then is it accessible to the user
directly? Is the repository encrypted?

The reason I ask is that even a minor app you would have a differentiation of
user roles - some with more power than others. Assuming that there is one
version of the app, then it must present a different UI users holding each
role...in which case if the user can access the role key offline then restart
the app it is a bad thing.

J.

[ntsiii]

It is not that "user data is stored on the client", it is that "state" CAN be
stored/retained on the client. Nothig is automatically stored on the client,
you must programmatically cause it to happen. Instead of having the server
assign a session id, then pass it to the client, who pases it back to the
server on the next refresh, you could simply keep the necessary database
identity key on the client in a MEMORY variable. You do not need to save it
to a local respository(called a Local Shared Object) although you can if you
want. The Local Shared Object is not encrypted.

If the database identity keys are stored in the player in memory, when a user
does refresh, that info will be lost and not available to someone else on the
machine. That new person would have to log on again, to get whatever rolses
they were entitled.

Do you follow?

Tracy

[TKJames]

Tracy,

Thanks for the response.

Thinking about it, the memory variable is no worse than the session stored in
cookies in ASP, or in the page by HTML session management approaches, although
one would expect that someone with a memory viewing tool might be able to get
and set the memory information.

So, is there any built-in function to encrypt critical memory-resident data?

Also, does Flex introduce any security-specific enhancements over
web-browsers? This could vitally important in terms of the scope of
applications that could benefit from Flex.

J.

[ntsiii]

No, there is no built in functionality for encryption.

Flex runs within the Flash Player, which has very strict security
restrictions. Of course, the security is focused on preventing malicious code
in the player itself from accessing a client's resources. It is not focused on
protecting the Flash Player from an attack from a client.

Tracy

[TKJames]

Tracy

Thanks for the prompt and useful response. I have some other questions on app serving but I'll open a new topic for those.

J.