(With reference to this answer:)
When I POST with a URLRequest, does it automatically include cookies from the browser session in which Flash is hosted? If not, how can I make it include them, or if necessary retrieve them and include them myself?
views:
1884answers:
3
+5
A:
Provided the cookie domains (of the page hosting the Flash control and the URL to which you're posting) match, then yes, the browser cookies get sent with the request by default. As a quick example (working version here), I've thrown together a simple ColdFusion page hosting a SWF containing the following code:
<mx:Script>
<![CDATA[
private function btn_click():void
{
var req:URLRequest = new URLRequest("http://test.enunciato.org/test.cfm");
req.method = URLRequestMethod.POST;
var postData:URLVariables = new URLVariables();
postData.userName = "Joe";
postData.userCoolness = "very-cool";
req.data = postData;
navigateToURL(req);
}
]]>
</mx:Script>
<mx:Button click="btn_click()" label="Submit" />
... and in that page, I set a cookie, called "USERID", with a value of "12345". After clicking Submit, and navigating to another CFM, my server logs reveal the cookie passed through in the request:
POST /test.cfm HTTP/1.1 Mozilla/5.0
ASPSESSIONIDAASRDSRT=INDFAPMDINJLOOAHDELDNKBL;
JSESSIONID=60302395a68e3d3681c2;
USERID=12345
test.enunciato.org 200
If you test it out yourself, you'll see the postData in there as well.
Make sense?
Christian Nunciato
2009-01-21 23:53:23
Thanks. I also got ahold of an HTTP proxy (Charles -- http://www.charlesproxy.com/) and confirmed your result that way.
Eric
2009-01-22 18:03:51
Awesome, glad it worked out for ya.
Christian Nunciato
2009-01-22 18:22:01
A:
Not sure about flash. But couldn't you serialize the cookie and put it into the URL?
Maybe you would want to encrypt the data or transmit it in plain text but it might look like:
url:
www.example.com?newurl&cookiesession=true&cookieusername=bob
etc
(or I am missing something?)
cbrulak
2009-01-21 23:54:10
A:
I'm assuming you just wan't to include something like a session id for authentication purposes server-side.
To get the browser cookie from AS (needs javascript enabled, shouldn't be a problem for most users)
public var cookieStr:String;
public var cookieHeader:URLRequestHeader;
ExternalInterface.call('eval','window.cookieStr = function () {return document.cookie};')
cookieStr = ExternalInterface.call('cookieStr');
cookieHeader = new URLRequestHeader("Cookie",cookieStr);
Then, when using your URLRequest object:
var urlRequest:URLRequest = new URLRequest(...blah blah, url here, etc etc);
urlRequest.requestHeaders.push(cookieHeader);
Take note that Firefox does not send the cookies of the session along with a URLRequest, you will need a solution similar to the one above to overcome this problem.