Wednesday, February 15, 2006

Points to remember when using SSL + IE + Flash

(I got no time to write it in detail. Bear with me, please ;-))

Flash UI (built using AMES), Java for backend code (on Websphere app server), OpenAMF to communicate between Flash and Java. Thats the basic tech stack of the application that I am current working on.

We use SSL to send / receive sensitive information to / from the server. The development machines use Tomcat server instead of websphere. Things were fine until we tested the app with HTTPS on Websphere. Only on IE, the netConnection call returned with a "Call failed" error. Logs showed that the Java code was receiving calls and was returning the data, But the connection kept failing.everytime a HTTPS connection was made.

Thanks to Abdul Qabiz, who was quick to point me into sniffing the HTTPS headers being received. This tip off helped us narrow down our 'googling' and we figured out that there was an issue with IE and SSL that was causing this issue.

The following pages came to be of great help:
macromedia Technote
Microsoft Knowledge base:
http://support.microsoft.com/kb/323308/
http://support.microsoft.com/kb/815313/

and of course this post from Gary Matthew Rogers.

And the solution, we added the following line of code in Java before sending the response back to Flash:

HttpServeletResponseObj.setHeader("Cache-Control", "no-store");

That solved the problem!
Post a Comment