In my Flex application, users need to be able to upload and download content. However, this content is access restricted, and I need to do a permissions check before allowing the upload/download. The user clicks a link, and then selects a file using the FileReference class. The FileReference class doesn't attach cookie information, so I can't use a session.

I want to implement a 2 step process where the client first pings the server to get a one-time-use token, and then does the upload or download with the one-time-use token as a parameter. However, this plan is being foiled by error #2176, which is apparently a security fix to FP10, that only allows uploads/download to be triggered during a MouseEvent propogation. Anyways around this?

I got workarround for this here.

 <?xml version="1.0" encoding="utf-8"?>
<mx:Application xmlns:mx="http://www.adobe.com/2006/mxml" 
                layout="absolute" 
                minWidth="955" minHeight="600"
                creationComplete="creationCompleteHandler(event)">
    <mx:Script>
        <![CDATA[
            import mx.controls.Alert;
            import mx.events.CloseEvent;
            import mx.events.FlexEvent;

            protected function creationCompleteHandler(event:FlexEvent):void
            {
                Alert.show("Now you can save the file!", "Test", Alert.OK|Alert.CANCEL, null, closeHandler);
            }

            protected function closeHandler( event:CloseEvent ):void
            {
                var fileReference :FileReference;

                if ( event.detail == Alert.OK )
                {
                    fileReference = new FileReference();
                    fileReference.save("http://www.bogdanmanate.com", "test.txt");
                }
            }
        ]]>
    </mx:Script>

</mx:Application>