I don't think you should store user credentials in preferences.
The most common approach is to send credentials to server and then as a response get a session key. Then include the session key as a header to any request (and validate it in every request).
If the session key would become invalid (e. g. expired) then the server should return a proper response, and the client should initialize authentication functionality.
Egzample
First run
- Show login
Activity
- Send credentials to server
- Get a
session_key
as a response (normally its a hash) - Store the
session_key
hash - User is authenticated, exit the login
Activity
Any request to the server.
- Add a header with
session_key
to your request (e. g. as a header) - Send the request
- If the response is Ok Stop, else (e. g. response with message "not authorized" or status code 401) run
First run