Each request to a session-enabled ASP.NET page returns a cookie with the session id. By sending this ASP.NET_SessionId cookie back upon each request you can benefit from the session support built in ASP.NET.
There's one problem however: there doesn't seem to be a way to get the cookie information after an HttpService request... This is not going to stop us of course :)
The solution is easy:
- Create an ASP.NET page that returns the session id (in the 'normal' page output)
public partial class Login : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
Response.Clear();
Response.Write(Session.SessionID);
Response.End();
}
}
- Store the session id in your Flex application for re-use
...
private function loginRequestHandler(event:ResultEvent):void
{ sessionCookie = event.result.toString(); }
...
- Re-use the cookie information with each new request:
...
userRequest.headers = "Cookie: ASP.NET_SessionId=" + sessionCookie;
userRequest.send();
...
4 comments:
Hey Ria,
My Flex application consumes a stateful .NET webservice which uses Session.
I saw your post on HTTPService header being set with the cookie ASP.NET_SessionId. I tried to do the same with the Webservice.headers. But seems like Webservice.headers is a read only property. Do you know any work around for this?
I also tried
var qName:QName:new QName("https://tollynation.com","Cookie:ASP.NET_SessionId");
var header:SOAPHeader=new SOAPHeader(qName,sessionCookie);
sendService.addHeader(header);
The above doesn't seem to take me anywhere.
Please let me know your inputs on this.
Thanks,
Kiran.
I have some security concerns about this approach. Basically what this means is anyone could spoof a session state. Probably not a great idea for most web apps.
It's not safer or unsafer than any other session enabled web application.
Has anyone successfully done this? Kiran.. did you solve your problem. Im facing the exact same.
Post a Comment