Flex Rest Security


I am trying to grasp how people have best solved the integration of FLEX Rest services and restful_authentication. Since FLEX is stateful, how are you securing the access to the web services? For example, once the Flex app calls the login method, returns success, how does the rails app know the user is authenticated when a request for /CONTROLLER/index comes in? I dont believe Flex uses sessions so I assume there is another mechanism here.