It's easy to create a simple page with a SWF embedded in it and load up Firebug to watch the HTTP traffic. I created a simple two-page app to experiment with this. On the first page, I used some JavaScript to write a cookie. By the way, this is annoyingly mundane. I know there are JS libraries for abstracting this and providing a clean API, but you would think that IE or Mozilla would have added an extension to JavaScript that does exactly this. Having to do document.cookie.indexOf(...) and document.cookie.substring(...) all the time is just ridiculous.
Back to the app. After setting some cookies, there is a link that goes to page two. Page two includes an embedded SWF. Watching the traffic on page two, I could clearly see cookies, user-agents, referrers, etc. all being sent as part of the HTTP request for the SWF. One interesting thing is that the referrer was page two, not page one. That makes sense, though.
So everything is clearly there, it's just not available to the SWF runtime. Any parameters on the query string are available. In Flex you can get to them using Application.application.parameters. This gives you a classic ActionScript Object, i.e. an associative array. So if you put the URL for the SWF as http://
All I can think of is that this is a security issue. It creates other potential security problems though. Imagine if page one in my app was a login page, and page two was some kind of personalized home page. A lot of websites use cookies for authentication, and that authentication is not being passed to the SWF. What's a developer to do? There are lots of options, but you can imagine some very unsavory and horribly insecure ones.
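An added example, not part of the original post: one way for the hosting page to hand cookie values to the SWF through the query string (readable in Flex via Application.application.parameters) while keeping the authentication cookie out of the URL, since URLs end up in server logs, browser history and Referer headers. The function names, the cookie names and the allowlist are assumptions made for illustration.

```javascript
// Added example; parseCookies, buildSwfUrl and SAFE_FOR_SWF are hypothetical names.

// Constructed sample of what document.cookie might return on page two.
const SAMPLE_COOKIES = 'SESSIONID=abc123; theme=dark; lang=en-US';

// Only these cookie names may be copied into the SWF URL (assumed names).
// The session cookie is deliberately absent.
const SAFE_FOR_SWF = ['theme', 'lang'];

// Parse a document.cookie-style string ("a=1; b=2") into a lookup object.
function parseCookies(cookieString) {
  const cookies = Object.create(null); // no inherited keys such as "constructor"
  for (const pair of cookieString.split(';')) {
    const trimmed = pair.trim();
    const eq = trimmed.indexOf('=');
    if (eq < 1) continue; // skip empty pairs and pairs with no name or no "="
    const name = trimmed.slice(0, eq);
    const raw = trimmed.slice(eq + 1);
    let value;
    try {
      value = decodeURIComponent(raw);
    } catch (e) {
      value = raw; // keep the raw text if it is not valid percent-encoding
    }
    cookies[name] = value;
  }
  return cookies;
}

// Build the SWF URL, copying only allowlisted cookies into the query string.
function buildSwfUrl(swfPath, cookieString, allowlist = SAFE_FOR_SWF) {
  const cookies = parseCookies(cookieString);
  const params = [];
  for (const name of allowlist) {
    if (name in cookies) {
      params.push(encodeURIComponent(name) + '=' + encodeURIComponent(cookies[name]));
    }
  }
  return params.length ? swfPath + '?' + params.join('&') : swfPath;
}

// In a browser: buildSwfUrl('app.swf', document.cookie)
console.log(buildSwfUrl('app.swf', SAMPLE_COOKIES));
```

Requests the SWF itself makes back to the same origin go through the browser's HTTP stack, so the session cookie still travels in the Cookie header, as it did in the request for the SWF that Firebug showed.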
Anyways, I thought maybe I was wrong all along, and just didn't know what I was talking about. It certainly wouldn't be the first time, and especially considering I didn't know any Flash 12 months ago. So I posted the question on Flexcoders... It's been about 24 hours with no responses, which usually means nobody knows the answer.