How can flash pass J2EE authentication - it can't send a cookie containing jsessionid

Question

We have a web page of a J2EE application, in which the user signs-in to the application. It contains a flash widget that needs to call services in the server, using the session that the user created. The web page passes the jsessionid to the flash widget, in order for the flash to use it to pass the authentication.

However, the flash player blocks this operation, due to security constraints, forbidding flash from sending cookies.

Is there a way to have the flash access protected services?

Answer 1

I don't know flash but you should be able to configure your app/server to encode the session in the url instead of using a cookie. It is a bit messy but it does work.

Answer 2

You should be able to configure your App Server to use URL Rewriting instead of JSESSIONID cookies. Here's some info on how to do it in WebSphere v5