I've saw this question asked a couple times about a month ago and I tried to answer the question but thought it best to create an example. The question is, how do you prevent a Flex application from showing the login page after the user hit F5 in the browser (or refresh for that matter), after he/she just logged in.
So the main question here is how do you know someone has logged in successfully and don't need to present them with a login view. This is also how to handle the Single Sign On (SSO) case, where you know the user has authenticated himself successfully under host.com/app1 context but is now at your Flex application under the host.com/app2 context and you don't want him to have to re-authenticate himself. Of course we talking here about a Java back-end, so either using BlazeDS or LiveCycle Data Services.
So in my example I used BlazeDS and assuming you configured the security properly, a typical Flex application will display a login view to the user before they can do anything. But if the user has already been authenticated in this web context or another context on the same server, how do we prevent this default behavior? Here is how I do it in some simple words.
When the LoginView initializes, call the server to load the user's information (you will most likely need it at some point anyways). If you get a success response, you have the data and it means the user is already authenticated, so broadcast the LoginSuccessEvent event and you are done! The application will now display its main content. If you get an error response, the most likely cause is that the user is not authenticated and you should remain at the LoginView. It could also mean there is some server-side error (like config issue) which your technical department will have to look into.
If you do have to present the user with the LoginView, then once they click on the Login button, call the setCredentials() method of your RemoteObject and then make the same call to load the user's information.
But there is no better way to see this than to look at an example. So I recommend you download my example using the link below and take a look at the LoginView.mxml file where most of the work is done. The example deploys easily into Tomcat, so I recommend reading the readme.txt file contained within the archive for some installation details. The complete source is included as well.
You can download my example from here. Enjoy!