User Session Management in android

 
Aman Grover
Greenhorn
Posts: 11
I want to maintain the user session once the user logs into his/her account, so that they are logged in even after the application is closed and started again. Searching on Google and SO, people referred to SharedPreferences. I understand that I have to store user details in SP (SharedPreferences), but what if the user updates his/her data? Plus, the HttpGet call I send to the link to get user data returns the valid data (JSON) only when the user is logged in. Is SP the only way to do this, or is there another, more efficient way to do this?

P.S. - I am working as a freelancer for a startup, and they have an API to their PHP website. I have to make an Android app for their website. To log in the user to the website, I make an HTTP POST call to their API and the result I get is a JSON. If the JSON contains the "success" value for the "result" key, then the user is logged in. But as soon as I use an intent to go to the next activity (where I have to display the user data by making an HTTP GET call to another API, which only works if the user is logged in), the session is lost. Since I work as a freelancer, they don't really trust me giving cookies to user sessions. So, I was hoping there might be some other way?
 
Karthik Shiraly
Bartender
Posts: 1210

I'm not sure I understand this sentence. A cookie is given by the server and expects the app/browser to send it back on every request. Why does trust between your client and you matter here?
If you're using HttpClient API, it can store and send back cookies just like a browser.
Or if they claim their API is RESTful, try to convince them that good RESTful design requires server to not store the state of authentication between requests, but to expect auth details from client with every request.

 
Aman Grover
Greenhorn
Posts: 11
Karthik Shiraly wrote:
I'm not sure I understand this sentence. A cookie is given by the server and expects the app/browser to send it back on every request. Why does trust between your client and you matter here?
If you're using HttpClient API, it can store and send back cookies just like a browser.
Or if they claim their API is RESTful, try to convince them that good RESTful design requires server to not store the state of authentication between requests, but to expect auth details from client with every request.



When I make a POST call with the API given to me for logging in the user , it gives me a JSON response with the following format:

So, can I use this "result"'s value as a token?
 
Karthik Shiraly
Bartender
Posts: 1210
No, that JSON response is not useful for anything.

There are two possibilities, depending on how that PHP API has been implemented. So understanding that API by testing and discussing with them is the first task.

First possibility: It's using server side sessions to store authentication state. In that case, it'll send you a cookie via the Set-cookie header as part of response to the login POST request.
You can test whether this is the case by using a tool like curl, or printing out all the headers from your application code.
If there is no Set-cookie header, then they are not using server side sessions ....

Which brings us to the second possibility: they require you to send auth details with every subsequent request.
Ask their developers if this is the case. Generally, it's implemented as an HTTP basic or HTTP digest authentication (which is basically another request header). In this case, you'll have to store the username/password entered initially by the user somewhere secure (preferably via the Android account manager API) and send it across with every request.
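
The check described in the reply above, as an added example that is not part of the original thread: it inspects the login response headers for Set-Cookie and builds the header to attach to later requests for either possibility. The class and method names, the sample headers and the credentials are constructed for illustration; PHPSESSID is PHP's default session cookie name, and the real API may use another.

```java
import java.net.HttpCookie;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Base64; // on Android below API 26 use android.util.Base64 instead
import java.util.HashMap;
import java.util.List;
import java.util.Map;

public class AuthSchemeCheck {

    // Returns {headerName, headerValue} to attach to every request after login.
    static String[] followUpHeader(Map<String, List<String>> loginHeaders,
                                   String user, String password) {
        List<String> pairs = new ArrayList<>();
        for (Map.Entry<String, List<String>> e : loginHeaders.entrySet()) {
            // Header names are case-insensitive; the status line has a null key.
            if (e.getKey() == null || !e.getKey().equalsIgnoreCase("Set-Cookie")) continue;
            for (String line : e.getValue()) {
                for (HttpCookie c : HttpCookie.parse(line)) {
                    pairs.add(c.getName() + "=" + c.getValue());
                }
            }
        }
        if (!pairs.isEmpty()) {
            // First possibility: server-side session. Only the session id is kept.
            return new String[] {"Cookie", String.join("; ", pairs)};
        }
        // Second possibility: credentials go with every request (HTTP basic).
        // Base64 is an encoding, not encryption, so this is only safe over HTTPS.
        String raw = user + ":" + password;
        String b64 = Base64.getEncoder().encodeToString(raw.getBytes(StandardCharsets.UTF_8));
        return new String[] {"Authorization", "Basic " + b64};
    }

    public static void main(String[] args) {
        // Constructed sample headers, shaped like HttpURLConnection.getHeaderFields().
        Map<String, List<String>> withSession = new HashMap<>();
        withSession.put(null, Arrays.asList("HTTP/1.1 200 OK"));
        withSession.put("Set-Cookie", Arrays.asList("PHPSESSID=constructed123; path=/; HttpOnly"));
        Map<String, List<String>> noSession = new HashMap<>();
        noSession.put("Content-Type", Arrays.asList("application/json"));

        System.out.println(Arrays.toString(followUpHeader(withSession, "alice", "pw")));
        System.out.println(Arrays.toString(followUpHeader(noSession, "alice", "pw")));
    }
}
```

In the cookie case only the session identifier needs to persist across app restarts, so the password never has to be stored on the device.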
 