Reputation: 21
User authentication for android app
Forgive me in advance but I've read all topics related to this and this newbie is still confused. Let me start my giving a brief run-down of what I'm trying to achieve... I've created a quiz. Since I'm adding a leaderboard I require a user to create a username and a password or email address so as to be unique. I've managed to create register and login functions using phpmysql and it all works beautifully in my app. However, I don't wish the user to have to login in each time the app is opened but rather it remember the user details. Do I use the account manager function in the android sdk and scrap the mysql? Or should I just modify what I already have? Do I even need to use phpmysql for a login? I realise I will have to use it for the leaderboard. Any help to point me in the right direction would be much appreciated.
Cheers
Upvotes: 2
Views: 1555
Answers (2)
Reputation: 3929
Even though Robbies answer is great, It sounds like an overkill for your application, at least in short term. An easier solution would be to save a boolean with Shared Preferences each session:
http://developer.android.com/guide/topics/data/data-storage.html#pref
Shared Preferences stores variables betweens sessions and are simple to fetch. In your case you would save a boolean true if a login was sucessful. Next time the application is started, fetch the boolean and if true, login is'nt needed. If there are no such variable or if it is set to false(previous login failed/user logout), demand login!
Good luck
Upvotes: 0
Reputation: 17710
Us a session system, similar to how you'd use cookies.
When the android device connects, in PHP:
- create a simple "session" variable.
- record the phone signaure against the session variable in a database
- return session variable to android.
In Android:
- store the session variable in a local data file on the phone.
For subsequent calls:
- Android sends the session variable (from local file storage) along with the phone ID to PHP
- PHP checks the sessions variable is valid, checks the phone signature matches. If they do, you have the same session. If they don't match, create a new session (and send back to phone).
When the user "logs on"
- Store the user_id and fact they have logged on against the session variable in PHP.
- Then, when the session variable is sent from the phone, you know the user_id without interaction.
- If a user logs off, just record that in the db (unlink the user_id from the session)
As the file storage is persisent, even when the app closes, and the phone ID won't change, PHP will always know who the user is on connection, even after the app is closed.
Upvotes: 3
Related Questions
- Login through PHP and Mysql in Android
- Android - How to do MySQL db transactions using authentication?
- Register Form Android Studio
- Android app and login to my database
- Best way of login from app
- Building Android Login with PHP and mysql
- User Authentation using php and mysql
- How would I go about creating a login
- How to authorize an android app for a php-database-webservice?
- How can I handle authentication in android for a remote website?