Using cflogin with Flash Remoting

I did a session on Flash Remoting with ColdFusion at Flashforward here in San Francisco, and I got a pretty good question from someone in the audience. He wanted to know how to use ColdFusion’s built-in authentication mechanism with ColdFusion components and Flash Remoting. Fortunately, ColdFusion and Flash make it very easy.

First of all, CFC functions have an optional “roles” attribute which you can use to limit access to that specific function. So the first thing you do is specify a comma-delimited list of roles which are valid for your function. The example function I wrote is below:

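<cffunction name="getDate" access="remote" roles="admin" returntype="date">
  <!--- callable only by users logged in with the admin role --->
  <cfreturn now() />
</cffunction>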

The next thing you do is use the setCredentials function on a NetConnection instance in ActionScript. Example code below:

var gw = "http://localhost/flashservices/gateway";
var con = NetServices.createGatewayConnection(gw);
// username and password are text fields...
con.setCredentials(username.text, password.text);
var serv = con.getService("com.macromedia.tests.auth_test", this);

The last thing you have to do is map your username and your password to one or more roles, which you do using cflogin and cfloginuser. I put the following code in an example Application.cfm file:

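<cfapplication name="authTest" />
<!--- the cflogin structure is only available inside the cflogin tag --->
<cflogin>
  <cfif isDefined("cflogin")>
    <cfif cflogin.name eq "someUsername" and
          cflogin.password eq "somePassword">
      <cfloginuser name="#cflogin.name#"
                   password="#cflogin.password#"
                   roles="admin" />
    </cfif>
  </cfif>
</cflogin>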

That’s all you have to do.
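
The Application.cfm step above compares against a fixed username and password. The variant below is an added example, not code from the original post: it looks the user up in a database and takes the roles from that user's row. The datasource "authTestDSN", the "users" table and its columns, and the iteration count are assumptions, and generatePBKDFKey requires ColdFusion 11 or later.

```cfml
<!--- Added example, not the original post's code. Assumed names: datasource
      "authTestDSN"; table "users" with columns username, salt, pw_key
      (Base64 output of generatePBKDFKey) and roles (comma-delimited). --->
<cfapplication name="authTest" />
<!--- assumed value; must match the count used when the password was stored --->
<cfset pbkdfIterations = 100000>
<cflogin>
  <!--- cflogin.name / cflogin.password carry what the Flash client
        passed to setCredentials() --->
  <cfif isDefined("cflogin")>
    <!--- cfqueryparam binds the username, so it cannot alter the SQL --->
    <cfquery name="qUser" datasource="authTestDSN">
      SELECT username, salt, pw_key, roles
      FROM users
      WHERE username = <cfqueryparam value="#cflogin.name#" cfsqltype="cf_sql_varchar">
    </cfquery>
    <cfif qUser.recordCount eq 1>
      <!--- re-derive the key from the submitted password and the stored salt --->
      <cfset candidate = generatePBKDFKey("PBKDF2WithHmacSHA1", cflogin.password,
                                          qUser.salt, pbkdfIterations, 256)>
      <cfif compare(candidate, qUser.pw_key) eq 0>
        <!--- roles come from the user's row, so getDate (roles="admin")
              is callable only by accounts that carry the admin role --->
        <cfloginuser name="#qUser.username#"
                     password="#cflogin.password#"
                     roles="#qUser.roles#" />
      </cfif>
    </cfif>
  </cfif>
</cflogin>
```

If no row matches or the derived key differs, cfloginuser is never reached, the request stays unauthenticated, and the call to a function with a roles attribute is refused.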

5 Responses to Using cflogin with Flash Remoting

  1. ale says:

    uh? does any of the comments above pertain to this? I think there’s a messed up db somewhere…

  2. Jon says:

    Hi Chris, I have a question on this for you. I read in livedocs that cflogin uses a browser cookie to manage state. How does this work for a flash client that may not be in a browser. Does flash also allow for this “browser” cookie? We need more info on how to maintain state with remote flash apps. Thanks. -J

  3. I don’t think it will work in the standalone Flash player. I think the Flash movie has to be running inside of a browser for sessions to work. You might want to set up a quick test to be sure, though.

  4. Brook says:

    Okay, I am using cflogin from flash and it seems to be working great. When the flash app starts, I call a CFC called authTest to test if the user is currently authenticated, and if not I show the login dialog and go through the login steps. Works great. Now, the problem is that the session on the server will expire after 20 mins of inactivity (or whatever it's set to). So I need to show a warning of session timeout within my Flash Client, and also timeout/logout the client after the session timeout is reached. The issue is complicated by the fact that as the user moves through the flash application, not all clicks trigger remoting, so the user could be actively using the app, but the session limit would NOT be reset on the server until a remoting call was made. I guess I will need to create some kind of timer in flash that counts down the session timeout and resets every time there is any activity. If the timer gets down to 2 mins remaining before the timeout, it would throw up a warning to the client. If the timer ran out completely, the app would initiate a logout and send the user back to the login screen. I think that should work (thoughts?), but the problem that remains is communicating with the server to keep the session active while the user is browsing content that does not initiate any server communication/remoting. Do you think setting a second timer (setInterval()), to run every 10 minutes, call a simple CFC, just to keep the session active, is a good idea? Let me know what you think?

  5. Will that allow you to use CF session variables directly with flash? Or will you have to set up some kind of application variable that would use your authentication info as a key to store session data? Cheers, //P.