I’ve implemented the first stage of my new site design. It will take me another 2 weeks to implement additional navigation, fix some IE specific issues, and optimize the CSS & images. If you have problems (visual or technical), please leave a comment here. I’d love to hear them!
I’m aware the main navigation links are broken on IE 6 Windows. For you IE Win users, until I have time to fix the transparency issues, here’s the About page and the Search page.
A client I did some Flash work for 6 months ago sent me an email today inquiring about more potential work. It was a small engine to play a series of SWF’s in a loop; when one SWF is done playing, the next plays, and this process repeats indefinately. These SWF’s would be created by various developers. A simpler version (on purpose) of my CaptivatePlayer. It is used in this particular instance to showcase advertising on a plasma in various stores in New York.
Here is a quote from the email:
… I wanted to let you know your script has been running
flawlessly 24/7 for FOUR MONTHS. …
I love Flash…
I’m looking for corroboration, confirmation, and/or corrections, so if you got ’em, throw ’em in the comments please and I’ll update this post.
The more popular Flex and Flash gets, the more exposure I get to large server-side development teams. As most have developed a lot of web based applications, the question of session handling comes up time and time again. I’ve attempted to compare and contrast the current known methods for utilizing sessions in a web browser, and their parrellels with Flex & Flash development. My goal is to better understand why you do or do not need session handling in your web application.
In this post’s context, a session is defined as a way to uniquely indentify the client to the server. Since normal http interactions are stateless, there is no way for a request from the client web browser to the server to be uniquely identified. Where such situations are needed to know which client is which, and keep data associated with that client while they are interacting with the web application, a sessions is used. The real-world example is keep a list of items a user has added to their cart in an ecommerce site. Even if they go from page to page throughout the site, or back, the session keeps track of their cart items.
The three main ways to do this are:
The first way involves appending variables that are relevant to the web application state to the end of the URL and making sure each page continues to attach this information along as well. Hyperlinks may add &id=234890somerandomnum&cartitem1=someproductid to the end of the URL when travelling from page to page. The server-side code garner’s context, if needed, since these variables are passed to the server before processing the next page. The pro’s to this is you can easily see what variables are working during development, and this allows you to tweak your pages to test things while using the app. The cons are unweildy URL’s that are extremely long, if you miss passing one variable the whole thing gets fubarred, and harder to secure (assuming your methods handling the server-side variables don’t check for arbitrary data which they should).
The second way involves sticking a session ID or even additional vars like the above into a hidden form field(s).
The third way involves utilizing cookies that store session information. Pro is this is very application transparent for the front end, but the con is if cookies are disabled, it won’t work.
My take as to why server-side developers like sessions is that role information is encapsulated into the request. In the case of AMFPHP for example, each server-side method in a PHP class has a role or set of roles that are allowed to call it. Upon logging in using normal browser security, you’re role is set. This provides transparent interaction between client and server. You can even handle a custom fault of not having the role privaledge to access certain functionality, or even “re-login” if need be without refreshing the page. I guess I don’t understand where this persists, though. J2EE has a similiar setup with a nice, built-in security that works.
The state arguments, however, make no sense. It is understandable since it requires a lot of effort to work with the developers to get them out of the “page” mindset. There is no page; it’s an application like Outlook; it has state, and doesn’t lose it. There is no page refresh.
I once worked on a Flash app where in using OpenAMF, the Java guy wanted me to pass him the session ID as the first parameter to every method call. I’d login, get the sessionID as a return value, and set it to a global (static) variable in the Flash app. Every Delegate call pre-pended this value as the first parameter to method calls. It wasn’t so bad, but I never really understood what the session gave us.
The hidden form variable works similiar to the above; you just store whatever variables you want to keep around in a global/static class.
While Flex & Flash have their own cookies, they are used for ensuring data persistence across application usage, not sessions. So, if I reboot my computer after using an application, the data will be there tomorrow type of thing. They are for data storage. Just like browser cookies I guess, only harder to delete (harder meaning not built into web browsers like cookies are).
The current Flex & ColdFusion app I work on, we don’t use ’em. The Flex app keeps state, and just calls ColdFusion CRUD methods. I’m sure we could add roles if need be, but I guess I just don’t get it beyond the built in security some server-side technology has to authenticate requests.
I’ve never really found a definitive article explaining the session’s role in Flash & Flex development. I’ve seen it discussed more on Flexcoders, but this is mainly because of the influx of server-side talent on that list who is used to dealing with such state. The typical response is “you don’t need them, Flex is a stateful client”, and yet the “logging in” is still discussed. If anyone has anymore sources to add to the above (or correct), please link.
I went through this tutorial, and replaced all the Flex stuff with 56 lines of ActionScript in Flash 8. Getting XML into Flash is the Flash Developer’s tried, true, and trusted way of getting dynamic data. Took me 30 minutes in total: 30 seconds to do the rails setup, 20 minutes to install/uninstall/reinstall MySQL 4.1 (POS!!!), and 5 to get data. I spent another 15 unsucessfully sending XML to the create method. It was creating records, but wasn’t getting the XML I sent. I tried every version of the XML object I know to no avail.
Here, I created the XML string by hand:
function createUser()
{
trace("createUser");
var s:String = "";
s += "<request>";
s += "<user>";
s += "<updated-date/>";
s += "<creation-date/>";
s += "<username>doom</username>";
s += "<id type='integer'></id>";
s += "<password>heck</password>";
s += "<email>doom@finalbattle.com</email>";
s += "</user>";
s += "</request>";
And then here I send the request:
create_xml = new XML(); create_xml.ignoreWhite = true; create_xml.parseXML(s); trace("---------------"); trace("sending: create_xml: " + create_xml); create_xml.contentType = "application/xml"; create_xml.onLoad = function(success) { trace("create success: " + success); trace(this); }; create_xml.sendAndLoad("http://localhost:3000/users/create", create_xml, "POST"); }
I opened ServiceCapture and started examining the traffic, and nothing jumped out at me. I got pulled away to do a Podcast so I’ll just have to do it in Flex, and compare since I’m probably just not formulating my XML message correctly.
Anyway, damn yo… 5 minutes to read from and write to a DB? Awesome!