Recognize android httpclient with php sessions on web service

Question

I'm building an android application that uses a web service (just php scripts) to query a mysqldatabase. For the moment there isn't any authentication system but I'd like to create php sessions after the user logs with username and password on the mysqldatabase... The thing is that for the moment all my connexions to the scripts work like this :

public static long getOnlineAlarm(long taskID) {

    long alarm = -1;

    String result = null;
    InputStream is = null;

    ArrayList<NameValuePair> nameValuePairs = new ArrayList<NameValuePair>();

    nameValuePairs.add(new BasicNameValuePair("taskID", String.valueOf(taskID)));

    try {
        HttpClient httpclient = new DefaultHttpClient();
        HttpPost httppost = new HttpPost(
                "http://192.168.1.13/spotnshare/getOnlineAlarm.php");
        httppost.setEntity(new UrlEncodedFormEntity(nameValuePairs));
        HttpResponse response = httpclient.execute(httppost);

        HttpEntity entity = response.getEntity();
        is = entity.getContent();

    } catch (Exception e) {
        Log.i("taghttppost", "" + e.toString());

    }

    // conversion de la réponse en chaine de caractère
    try {
        BufferedReader reader = new BufferedReader(new InputStreamReader(
                is, "UTF-8"));

        StringBuilder sb = new StringBuilder();

        String line = null;

        while ((line = reader.readLine()) != null) {
            sb.append(line + "\n");
        }

        is.close();

        result = sb.toString();
    } catch (Exception e) {
        Log.i("tagconvertstr", "" + e.toString());
    }
    // recuperation des donnees json
    try {
        Log.i("tagconvertstr", "[" + result + "]");

        JSONObject jObj = new JSONObject(result);

        alarm = jObj.getLong("alarm");
        return alarm;

    } catch (JSONException e) {
        Log.i("tagjsonexp", "" + e.toString());
    } catch (ParseException e) {
        Log.i("tagjsonpars", "" + e.toString());
    }

    return alarm;
}

So I create a new DefaultHttpClient(); each time I use a script, is that going to be a problem for the php sessions ? Or can the server recognize the client anyway ?

Answer 1

What you could look at doing is using some form of unique identifier for each session.

Basically the first call to the database when you login would return a sessionID. Then every call after that you pass the sessionID to the php scripts (on each and every php script). That's the most common method I've seen implemented for this sort of thing.