[OpenID] Flash based authentication?

[Peter Serwylo]

Thanks for your reply mate.

>  Typically, that's OK, since that is a move from anonymous/guest mode
> to a "signed in" mode where the authenticated user's profile data has
> been summoned from the database and is used to "personalize" the page,
> and possibly the flash content, via flashvars.
> 

That is usually the case, but we are doing all of this via remoting so
as to not reload our apps (there can get upwards of 1 or 2mb even after
using flex modules and runtime shared libraries).

> 
> Anyway, the idea I wanted to raise is using Flash's "Shared Object",
> their private "cookie" system, built into the player. If I understand
> you, that may be a useful way to "bridge" the sessions when filling
> out big forms. The amount of storage is limited (but can be
> substantial, ~100k is not uncommon) and is controlled by the user. But
> having wrestled with this problem a bit, that works well -- when the
> user needs to "refresh" their session, you may be able to just store
> all the work in progress for the form in a Flash shared object and
> send the user on their way to be directed to an OP, and redirected
> back with a freshly authenticated session. When the user returns, the
> saved form data will still be available in the stored shared object,
> enabling the form to be "reconstituted" to the state it was in
> previously, partially filled out by the user.

I think this may be the only way to go.
It wasn't so much the amount of data that was the worry, just the convenience of not having to repopulate our (dynamically generated) forms after a timeout. 
So yeah, I reckon this method should do fine.

Cheers,
Pete