Need help understanding ios http auth for app

Question

I need an idiots guide explanation to understand generally how do you authenticate users in your ios app when you have a web based backend? I use tornado and django and understand how to use get/post/delete/update using restkit but theoretically i don't understand authentication requests.

P.S. I have found a good tutorial using restkit for authentication which helped here: http://benoitc.github.com/restkit/authentication.html

Answer 1

You can use Cookie.

The web server side can respond some cookies when receiving the request that contains username and password information, then the next time app will send request with the cookies the web server has responded.

You can use ASIHTTPRequest, it can handle cookie automatically. Hope this can help you. :)

Answer 2

That can be done in multiple ways ill explain the easiest, first lets setup our enviroment, we do have:

• www.yourSite.com/login.php: this will take user="name" and passowrd="password", and it will echo back a session ID.
• www.yourSite.com/isloggedin.php: to check if user is logged in
• www.yoursite.com/logout.php: to logout from your session

First you would call login.php sending the user name and the password (login.php?user=someuser&passowd=pass) this call will echo back a session ID (that will be kept alive for you at the server side)

Then later on you could call isloggedin.php?session=here_set_the_session_returned_earlier, if you didnt log out this will return yes for example

Later if you want to logout you could call www.yoursite.com/logout.php?session=same_session, that will destroy the session saved in the login function

There are alot of other ways to implement this, but in my opinion this is the easiest way