Reputation:
I'm trying to make a login with PHP and MySQLi for Android. What I don't understand is how to keep the user logged in? I saw a simple tutorial where someone used SQLite to safe information but I'm not aware if that is really secure way. How should I save the user information to keep the users logged in?
Thank you.
Upvotes: 7
Views: 9522
Reputation: 1324
I am not sure about the login procedure in the PHP application. If it manages login using an Authentication token, then save the authentication token. If it doesn't use any token-based authentication, that means you are possibly managing the login by sessions. There you may have to save both user id and password.
Now in case of securely saving this kind of data, I will prefer Encrypted Shared Preferences from Android Jetpack.
String masterKeyAlias = MasterKeys.getOrCreate(MasterKeys.AES256_GCM_SPEC);
SharedPreferences sharedPreferences = EncryptedSharedPreferences.create(
"secret_shared_prefs",
masterKeyAlias,
context,
EncryptedSharedPreferences.PrefKeyEncryptionScheme.AES256_SIV,
EncryptedSharedPreferences.PrefValueEncryptionScheme.AES256_GCM
);
// use the shared preferences and editor as you normally would
SharedPreferences.Editor editor = sharedPreferences.edit();
You can use unpredictable keys also to keep you data more secure.
Upvotes: 1
Reputation: 12042
Use the SharedPreferences
in android
when your loggedin store the data using
SharedPreferences pref = getApplicationContext().getSharedPreferences("MyPref", 0); // 0 - for private mode
Editor editor = pref.edit();
//on the login store the login
editor.putLong("key_name", "long value");
editor.commit();
retrieves the data of the key
pref.getString("key_name", "");
^
default value if the user is not loggedin
clear the data when logout
editor.remove("name");
editor.commit();
Refer this Link for More
Upvotes: 8