There's no access to the HTTP cookies from within a Flash movie, but I now have repeatedly read that Flash Player is supposed to take care of session cookies automatically. I could, however, not find any documentation about this, and it sure didn't work with my Flex client running against a Struts backend using the default JSESSIONID cookie.
So, does Flash Player handle session cookies or doesn't it, and if it does, how do I set it up?
The HTTP requests from Flash are sent through the browser - so yeah, the cookies are transmitted automatically. In fact, I am currently doing a site that handles logging-in (and hence setting the session cookie) in an HTML page and then forwards user to a Flash only page (). The flash page is sending a lot of requests to the server using URLLoader & URLRequest and I am able to verify the session cookie for each of those.
That said, you can access HTTP cookies from Flash using ExternalInterface.call(). Make sure allowScriptAccess in the SWF embedding code is set to appropriate value.
var cookies:String = ExternalInterface.call("function()
{
return document.cookie;
}()");
Update: I haven't tried that (login in flash), but you might be right - Flash might be ignoring the Set-Cookie (or all) response headers. And unfortunately Flash does not let us access response headers either. But since it is possible to access the response headers in an AJAX response (using xhr.getResponseHeader) you can use ExternalInterface and outsource the login part to AJAX. Grab the headers in the AJAX response and set the cookie using javascript (according to this SO thread, browser will do that automatically). Once set, subsequent requests sent from flash would include the session cookie in them.
Use the ExternalInterface.addCallback method to register a flash method to be callable from javascript.