Thursday, September 4, 2008

using REAL http cookies in flash AS3

Using real cookies just makes sense for some tasks and can also make your life easier as any urlRequest includes them, great news for your server side processing.

As you can imagine, google gets a little confused with so many different "cookies" and comes back with one of two things...

1. "flash cookies" (SharedObject)
2. Doufus saying "HEY WOW, I figured out how to use cookies! just put them in the swf URL / loaderInfo flashvars!"

firstly, "flash cookies" are useless if you are calling php or asp files because they are not passed with the http request and as for the second option, it is poor security not to mention a pain in the ass to include cookie values in a URL.

A third approach was to use ExternalInterface to call a javascript function on the page that returns the cookie value, again, this is poor security because the value can just as easily be modified and faked. but it is closer to our goal.

The solution we came up with was to keep all the javascript flash side and pull the cookie string apart.

// make a javascript call in flash to return cookies from the DOM
var cookieValue:* = ExternalInterface.call("function(){return document.cookie;}");

view a demo

remember, you will need to refresh the page for the flashvars method to work [you can't set and get a cookie at the same time]

download example files

3 comments:

Santiago said...

Very useful example, thanks a lot!

francis said...

Will this work in air applications?

jiowfojieoij said...

I don't think it will work with air unless you create custom cookies in the http request...

Check this out for more info on that... http://www.kongregate.com/forums/4-programming/topics/137322