I've been digging and have installed and written a few simple AMFPHP examples.

The question I have is three part.

1. Is the flash remoting connection stateless? The tutorial on this site says the connection from the clients end at least is on until it's terminated. It would then stand to reason that the server-side also holds information about the connection. Which leads me to my next question.

2. Is there a way to keep persistent data like a login record on the server. My concern is security. The less I pass sensitive information the happier I'll be. As well as the least work my server has to do retrieving it repeatedly is fine by me.

3. I've read alot of what macromedia has to say about security. And from what I've gathered since the gateway in reached through http, It can also be reached through https. Are there any other known holes in the pipe?

Thanks in advance for your help.

Its not exactly stateless as I see it, I mean every call to the server regardless of the connection is a http request. So in order to have a pseudo stateless data stored in the database you would need to pass some sort of unique identifier back and forth on every call.

In order to have a persistent stateless connection you would need to use Sockets.

Yeah. Thats what I thought. I started with sockets and was having some trouble securing the connection. Like I couldn't find anyone that even talked about it. You got any suggestions.

Thanks.

What do you want to know? I have worked fairly extensively with socket communications involving flash and PHP and PERL.

Your main obstacle with securing the connection is that Flash has no native way to encrypt data over sockets. You can send data over https but that is not a persistent connection. There are some one way encryption algorithms but as far as two way encryption its just not possible with flash yet.

That's what I've recently figured out after figuring out how to connect to a socket and maintain connection.

Everything with AMFPHP is over http correct?

I guess I'll have to use session to maintain info.

Are you aware of any restrictions with service sizes? I tried to convert my app to work with remoting and built a service to contain it all and for some reason when ever I include/require my library files it stops working. If I build the functions in the service it works, but if I try to use lib files it chokes.

Thanks a lot for all your help.