App Interaction with PHP - Remembering User

Question

I am beginning the process of writing an iOS app (this will probably be used for an Android app eventually too) that needs to interact with a database online. My research suggests that the best way to do this is for the app to interact directly with a PHP file that will return an XML file. I have not yet started any programming in Xcode, but I have started the PHP side. (I know that is somewhat backwards, but I don't have access to my Mac right now.) My question is what is the best way for the PHP file to 'remember' the user? I don't think passing the username and password for every query to the database is the best idea. I have thought of something to this effect:

$pre_token_a = array( u_id = '123456',
                      time = time() );
$pre_token_b = implode( "-", $token_a );
$token = my_encryption_function( $key, $token_b );
echo "<TOKEN>" . $token . "</TOKEN>";

Then on the subsequent queries, the PHP file will decrypt the token, and check the id and that the token was issued with a reasonable time frame. Is this reasonable?

Answer 1

The best approach would probably be to make use of PHP sessions, since that will handle most of the work for you. It often requires that a cookie is stored on the client, containing the session ID. However, for situations where cookies are not possible or not desirable, you can also embed session information into URLs in the form of GET parameters.