In my Flex application, channelSet is reset on each browser refresh. If you've authenticated and refresh the page and check channelSet.authenticated, it says false, but your remoteObject calls will still work because the server session still exists.
I have a service call that checks for a session on the server and can identify that one exists when a user has already authenticated and not logged out, but how can I bypass login and still set the channelSet.authenticated to true without calling channelSet.login() when they come back to the page(before a timeout occurs, of course)?
UPDATE: The user session isn't closed if you exit the browser. Currently it does in fact make you log in again. But there is an existing session so blazeds returns a re-authentication error if you're not the user in the session, and it also allows you to login with any password if you are the user because it sees that the session has already been authenticated.
So how can I make it so the session is invalidated upon closing the browser or refreshing? I could do it by automatically logging out when the app starts, but that doesn't seem very elegant.
alternatively I could do something like this:
<body onunload="MyFlexApp.myFlexFunction();">
and call logout automatically when they leave the page.
What's the proper way to handle this?