Question

I have an app that has PHP API classes to connect to a MySQL database and an SQLite database handler to store users' information, but how would I implement the login procedure and establish a session so that the user can use the app based on the user's privileges?

Solution

After the user has logged in, you should create a session on the server side and send some kind of authentication information back to the client. This can be a session ID or some kind of authentication token. With every future request you make on the client side, you have to send this authentication information back to the server. Then the server checks the authentication information (e.g. validates the token, checks that the session has not expired, etc.). If the authentication information is valid, the server returns the response to the client request.

The way you use to transmit the authentication information depends on the login type you want to use. For example, you can store the information within a cookie or another HTTP header.

Depending on the way you transmit the authentication information, it can be necessary to save the authentication information in your app (so you can add it to future requests). If you have to do this, you should hold this information in memory and avoid persisting it in any Android datastore (e.g. an SQLite DB) for security reasons.
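
The server-side half of the flow described in the answer, as an added example that is not part of the original answer: login creates a session and returns a token, and every later request is checked for a known, unexpired token and for the privilege the endpoint requires. The function names, the role names, the 15-minute timeout and the in-memory arrays standing in for the MySQL tables are all assumptions made for illustration.

```php
<?php
declare(strict_types=1);

const SESSION_TTL = 900;                            // assumed idle timeout, in seconds
const ROLE_RANK = ['user' => 1, 'admin' => 2];      // hypothetical privilege levels

// Constructed user store; a real API would read these rows from MySQL.
$users = [
    'alice' => ['hash' => password_hash('correct horse', PASSWORD_DEFAULT), 'role' => 'admin'],
    'bob'   => ['hash' => password_hash('hunter2', PASSWORD_DEFAULT), 'role' => 'user'],
];
$sessions = []; // sha256(token) => ['user' => ..., 'role' => ..., 'expires' => ...]

/** Verify credentials, create a server-side session, return the token for the client. */
function login(array $users, array &$sessions, string $name, string $password, int $now): ?string
{
    $user = $users[$name] ?? null;
    if ($user === null || !password_verify($password, $user['hash'])) {
        return null; // one generic failure for unknown user and wrong password
    }
    $token = bin2hex(random_bytes(32)); // unguessable value handed to the client
    // Only a hash of the token is kept server-side, so a leaked session table cannot be replayed.
    $sessions[hash('sha256', $token)] =
        ['user' => $name, 'role' => $user['role'], 'expires' => $now + SESSION_TTL];
    return $token;
}

/** Validate the token sent with a request and enforce the privilege the endpoint needs. */
function authorize(array &$sessions, string $token, string $requiredRole, int $now): ?array
{
    $key = hash('sha256', $token);
    $session = $sessions[$key] ?? null;
    if ($session === null) {
        return null;                                 // unknown token
    }
    if ($session['expires'] <= $now) {
        unset($sessions[$key]);                      // expired: remove and reject
        return null;
    }
    if (ROLE_RANK[$session['role']] < (ROLE_RANK[$requiredRole] ?? PHP_INT_MAX)) {
        return null;                                 // authenticated but not privileged enough
    }
    $sessions[$key]['expires'] = $now + SESSION_TTL; // sliding expiry on each valid request
    return $sessions[$key];
}

$now = time();
$token = login($users, $sessions, 'bob', 'hunter2', $now);
var_dump(authorize($sessions, $token, 'user', $now) !== null);                   // user endpoint
var_dump(authorize($sessions, $token, 'admin', $now) !== null);                  // admin endpoint
var_dump(authorize($sessions, $token, 'user', $now + SESSION_TTL + 1) !== null); // after timeout
```

The client sends the returned token back with each request in a cookie or another HTTP header, as the answer describes, and the API calls the check before running any endpoint logic.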

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow