I sent a private message detailing the different ways of handling this with much more information, but just for those perusing the general idea is to proxy the flash calls through your server because the session token is associated with an IP address. This means a bit more work but puts the onus of client...