Hi,

We have a portal page which contains an embedded Flash interface in an otherwise common Drupal theme. The user may log in/out one of two ways: in the Flash embedded in the middle of the page, or via My Account (the conventional Drupal login method). Right now, if the user logs in via Flash, there is an active sessid in the Flash due to that, but if the user navigates elsewhere in the Drupal site they still see "Login/register to post comments" etc. So, they are logged into the Services (XMLRPC) session but NOT into the Drupal session the Flash is embedded in - correct?

There is a "Log out" button in Drupal secondary nav that obviously logs them out of the main session, but the Flash still indicates they are logged in. How do we set up the site so there is only ever one session - and they can log in either via Drupal or via the embedded Flash interface? I'd like for instance if they could log in via the embedded Flash, then go to something in the Drupal page to comment on and be authenticated just the same.

I hope this makes sense and is simple enough. Thank you so much for this great and useful module!

-Patrick

Comments

pkrekelb’s picture

pkrekelb commented

is it possible for Services (via either XML-RPC or AMFPHP) to use the same login session as the HTML it is embedded in?

marcingy’s picture

marcingy commented
Status: Active » Closed (won't fix)

The responsibility of achieving this would have to lie with the flash application itself. Drupal's login registration system is cookie based. Therefore if the flash application checks for the presence of the cookie it can then call services with the session id assocaited with the browser - I'm assuming that you are on the same domain and hence have the right to read the cookie. Services is stateless and therefore needs the client to pass in the appropriate creditenals, it has doesn't attempt to manipulate multiple sessions for a given user - in the same way as drupal core doesn't (ie you can login in and logout on multiple browser independently).