valley (2) [Avatar] Offline
#1
Hi there,
perhaps i've just not seen the answer in the book, but the Flex application always
calls Rails methods, that have been secured with a before_filter, which requires login.
But how does this work for the method calls you do from the Flex application ? How
does the Rails application know that a user has logged in in the Flex application and therefore is allowed to call all these methods ?
I guess there cannot be stored some information like a user_id in a session cookie in
that situation and i've not seen that the Flex app sends some logged in info with each
Rails method call.

Thanks for clarify this.
Best regards
valley
omichowdhury (3) [Avatar] Offline
#2
Re: Login Question
In short the HTTPService handles it all for you.

When you make a request, HTTPService appends a header with the relevant cookie, if you have previously been issued from that server.

This cookie keeps you authenticated even if the application does not supply the cookie. You don't have to handle cookies when submitting HTML forms either, the browser handles that for you.

Thus Rails isn't doing anything special, it just sees a normal HTTP request with a cookie, no different from a HTML form request (apart from content). These cookies can also be used with any server side software because they are the same as normal cookies.

I'm not actually sure whether this cookie stuff happens in HTTPService or in a lower level. It could happen in the Flash Player, or even the browser itself.