App webview Session or cookie

Viewed 438 times

1

Hey, you guys!

I’m creating a hybrid app for Android from HTML5, CSS and JavaScript, as a WebView. I will use an API through PHP with MySQL, exchanging information as JSON.

My question is this: where should I keep the token used for requests? Because how do I get the customer ID?

I don’t know if I explained it right, I hope so.

1 answer

0


Augusto,

You can generate the token in PHP and return it in the login success response, and then send it in all other requests.

Usually APIs check authentication on every request, although that depends on your logic and idle time. For example, if you’re not going to expire the user in the app until they log out, you can create a session-based user relationship table and store the token in this table. Whenever you find the user in this table, he is logged in. And to log the user out, just delete the record.

If you are going to use 100% WebView, you can store the client data in JavaScript session storage.

Something like this: window.sessionStorage.setItem("token", "meutoken")

To recover: window.sessionStorage.getItem("token")


Additionally...

Suppose you have jQuery loaded and the token is in the header Authorization you can set as default on all requests like this:

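// Send the stored token in the Authorization header of every jQuery request.
// Run this after login: the header value is read once, when ajaxSetup is called.
$.ajaxSetup({
    headers: { 'Authorization': window.sessionStorage.getItem("token") }
});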

  • Ericson, thank you very much. Taking the opportunity before we finish: do you find it safe to make requests with the token in the URL, or to use frameworks like Auth0, Slim, etc.?

  • Augusto, I’m honestly not familiar with these frameworks. Personally, I prefer to keep track of the logic in the application itself, working out the scalability compatibilities, but of course you will need to worry about security in this model (for example, the use of RSA for token encryption); the frameworks must already have worried about that enough, mainly the open-source ones with the support of the community. This also depends on your project, including other means of authentication: assuming your largest audience is Android, you could use Google authentication.
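
The per-request check against a token table that the answer describes, sketched in JavaScript (Node.js) as an added example that is not part of the original answer or comments. The page's server is PHP with MySQL, so the `Map`, the function names and the 30-minute idle limit here are assumptions for illustration; the point shown is that the customer ID is read from the token's row on the server, not sent by the app.

```javascript
// Added example: models the server-side token table in JavaScript (Node.js).
const { randomBytes, createHash } = require('crypto');

const IDLE_LIMIT_MS = 30 * 60 * 1000;   // assumed idle timeout: 30 minutes
const sessions = new Map();             // stands in for the MySQL table: token hash -> row

// Store only a hash, so a leaked table does not reveal usable tokens.
const hashToken = (token) => createHash('sha256').update(token).digest('hex');

// Called after the password check succeeds; returns the token sent to the app.
function login(userId, now = Date.now()) {
  const token = randomBytes(32).toString('hex');   // 256 bits from the CSPRNG
  sessions.set(hashToken(token), { userId, lastSeen: now });
  return token;
}

// Called on every API request; returns the user ID, or null if not logged in.
// The ID comes from the table row, never from a value the client sends.
function authenticate(authorizationHeader, now = Date.now()) {
  if (typeof authorizationHeader !== 'string' || authorizationHeader === '') return null;
  const key = hashToken(authorizationHeader);
  const row = sessions.get(key);
  if (!row) return null;
  if (now - row.lastSeen > IDLE_LIMIT_MS) {        // idle too long: expire the row
    sessions.delete(key);
    return null;
  }
  row.lastSeen = now;
  return row.userId;
}

// Logging out is deleting the record.
function logout(authorizationHeader) {
  if (typeof authorizationHeader !== 'string') return false;
  return sessions.delete(hashToken(authorizationHeader));
}
```

In PHP the same steps map to random_bytes(), hash('sha256', ...) and a table keyed by the hash.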
