AIR Tip: Cookie Sharing between AIR and Web Browsers

Posted At : September 22, 2009 6:48 PM | Posted By : Jason Dean
Related Categories: Tip,HTTP,AIR

This is something I came across at work that I thought I would share, because at first, it had me scratching my head.

Internally, Adobe AIR uses webkit as a "browser" which is great, and as expected, it actually behaves like a browser, including cookie support for access to external resources. Which means that when you are making remote calls to resources, you can use cookies to maintain sessions, or for information tracking.

One question I did not ask when I first realized that there was cookie support in AIR, was 'Where are the cookies stored?'. Well, it turns out that AIR uses the operating system's network stack for cookie support. Which means that AIR shares its cookies with any other browsers that use the network stack, which includes Internet Explorer on Windows Safari on OSX. Firefox manages its own cookies so it is unaffected by any of this.

I realized this when I was testing an AIR application that communicated with a ColdBox application. If I logged into the AIR application, which automatically logged into the ColdBox application, then when I would browse to the ColdBox application in Internet Explorer, I would already be logged in.

I kind of wish that, like Firefox, AIR would manage its own cookies. It seems wrong that it should work this way. Maybe I am off-base, but I don't like it. I don't know if it is too late for this to ever change, but if it can...

Comments (5) |

Print |

Send |

del.icio.us |

Digg It! |

Linking Blogs | 3310 Views

Related Blog Entries

Enabling Access to the Adobe AIR Tools in ColdFusion Builder (July 28, 2010)
Adobe AIR for JavaScript Developers: Pocket Guide (September 29, 2009)
Last Night's Hands-on Adobe AIR Presentation at TCCFUG - with source code (September 3, 2009)
Think twice before installing that AIR application (May 27, 2009)
Using WebScarab with Adobe AIR to Monitor HTTP Traffic (April 8, 2009)

Comments

[Add Comment] [Subscribe to Comments]

Very interesting. I would not have expected that.

# Posted By Ben Nadel | 9/23/09 11:44 AM

Hi, interesting post. I have one question, have you found a way to delete those AIR cookies?

# Posted By Trausti Dagsson | 1/7/10 12:43 PM

@trausti

No, I have not. I have not really tried to find away. In my situation is does not really affect my application. But I would be curious to know if there is a way to do it. Maybe I will look into that one of these days.

# Posted By Jason Dean | 1/7/10 1:09 PM

I can confirm what you said and it took me hours to finally find the "bug". I just could not make any Ajax-Call to a remote PHP script and attach a different Session-ID. Because Air always used a session-cookie from my Webkit browser.

But that behaviour is super great for login-mechanisms! You just need to redirect the user in Air to your remote login script (maybe even via browser) and evoila: the user is logged-in in Air and Safari/Webkit.

# Posted By Sebastian | 2/5/10 5:19 PM

Sorry, I forgot to mention the following solution:

You just assign a different Session Name in PHP if the call comes from Air. For me it runs perfect! Here is the code snippet which should come before session_start():

if(strpos($_SERVER["HTTP_USER_AGENT"],"AdobeAIR")>0)
ini_set("session.name","AIR_SID");
else ini_set("session.name","PHPSESSID");

# Posted By Sebastian | 2/5/10 5:47 PM

[Add Comment]

RSS

ColdFusion Project from RIAForge

cf i18n utils

i18n utils needed for cf g11n