ActionsScript navigateToURL() and HTTP cookies

I have a small multiplayer Flash game in which you can display a player profile by clicking at his or her avatar:

const PROFILE_URL:String = 'http://myserver/user.php?id=';
try {
  navigateToURL(new URLRequest(PROFILE_URL+id), '_blank');
} catch(e:Error) {
}

This works well, but now I'd like to extend the user.php, so that players can add comments about each other. For authorization I'd like to use HTTP cookies, passed from the game.swf to the user.php.

(I don't want use GET or POST here, because GET will have the auth. variables in the URL and players might occasionaly send that URL around or post it in my forum. And POST will ask to re-post the request when you rel开发者_StackOverflowoad).

My problem is that I can't find the way to set HTTP cookies through the navigateToURL() method. Please advise me

Regards, Alex

---

You could first authenticate by logging in via a seperate call, for example login.php and that script would start a session. Then all other calls to the same domain would already have the session started and you could check authentication. No need to worry about cookies when PHP can do it for you.

---

Assuming that you already have the cookie value in your swf you should be able to use the URLRequestHeader together with the URLRequest as follows:

var header:URLRequestHeader = new URLRequestHeader("Cookie", "<the cookie>");
var request:URLRequest = new URLRequest("http://example.com/script.php");
request.requestHeader.push(header);
request.method = URLRequestMethod.POST;
navigateToURL(request, "_blank");

Under certain circumstances, the browser will send the cookie to the server if it has been already set even if you don't explicitly include it in the request. This depends on the browser and the version of the Flash Player. You might also need to adjust your crossdomain.xml file.

Also note that there might be security implications of passing around an unencrypted cookie token. See Firesheep.