How can I create and maintain authentication sessions on an iPhone?

Question

HI, i am about to create an iphone application that will have a account system . ( login/logout ) .

that will have a server side also. so how to do session management. while your client is iphone

how i can do that ??

Answer 1

If it's a webapp, or your server-side is going to be a webservice, you probably want to be using HTTP cookies.

Otherwise, you could come up with some custom scheme where you assign a session id to the client and associate it with their state on the server side. The client provides this session id in future requests.

Things to think about here would include persistence/expiry, both server-side and client-side. Also, security (is your scheme susceptible to brute force or prediction attacks? Should you be encrypting the communication where this is assigned/provided?)

Regarding the iPhone, you may want to make your session id specific to a particular UDID (unique hardware address).

Answer 2

I use the ASIHTTPRequest library to communicate with my webservice.

It has built-in capability to handle cookies, so I simply login with a POST request and the cookie is set like a normal browser.

When your network connection is down, you can still check for a valid cookie:

- (BOOL) hasSignInCookie
{
    NSArray *cookieJar = [[NSHTTPCookieStorage sharedHTTPCookieStorage] cookies];
    for( NSHTTPCookie *cookie in cookieJar)
    {
        if( [[cookie name] compare: @"JourneyTagID"] == NSOrderedSame)
        {
            return YES;
        }
    }
    return NO;
}