Is it usual to deal with sessions on an Android app?

Asked

Viewed 74 times

1

My question is the following: I have a Rails server and make queries on this server using an Android app. If I were creating a web system, I would make use of session to manage my system permissions. However, as I have the application, I do the restrictions within it (if the user does not login, will not have access to the system).

The fear I have is that someone will use the routes I created in Rails to access restricted user data and enter data fraudulently. Is there any way around it?

android ruby-on-rails session

1 answer

1

The most common is to use servers stateless for communication with applications. This means that you will control the accesses and permissions through tokens. Take a look at Oauth. If you put these permissions in the app gives almost the same as nothing, it’s very easy the guy cheat.

  • But from what I understand Oauth only serves when I want to use some Google or Facebook account to log in. And in case I allow registration inside my app?

  • Google and Facebook use Oauth, you can create your Oauth server and receive tokens from it

Browser other questions tagged android ruby-on-rails session

You are not signed in. Login or sign up in order to post.