arleitiss

Reputation: 1304

Android: What data is it better to store to auth user once and remember next time app is launched?

Which of the following ways is better to allow the user to log in once and avoid logging in again on the next app launch?

1) Store just the UserID and then fetch data from the server and load the profile every time? (Problem: the userID can be manipulated in SharedPreferences, so a user can easily hijack another user's identity.)

2) Store the username and password in SharedPreferences, then just authenticate the user on every app launch and get the user's data from the server? (Is this safe enough?)

3) On first login from a device, store the deviceID in the online database and the userID in SharedPreferences; then on every app launch compare the deviceIDs and, if they match, fetch data and log in automatically, or if they don't match, request login again?

Is there perhaps any better way? I would like to avoid using SQLite, as my app has no need for a local database: it is tied to an online MySQL database and communicates with it constantly rather than keeping a local database.

Upvotes: 1

Views: 180

Answers (2)

nasch

Reputation: 5498

You could also send back a large meaningless id (such as a GUID) from the server on login. The server would store it in a list of valid login credentials. Store it on the phone also and send it back to the server for authentication. There would be no way to forge an id, since it cannot be derived from any other information, and the chances of guessing one would be minuscule.

Upvotes: 1
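As an added illustration of the scheme nasch describes (a server-issued random session token that the app stores and sends back), here is a minimal server-side issue/validate/revoke routine in Python; it is example code, not code from the original post. The in-memory dict standing in for the database, the 30-day lifetime and the function names are assumptions, and keeping only the token's SHA-256 hash on the server is an added hardening so that a leaked token table is not directly usable.

```python
import hashlib
import secrets
import time

# Constructed in-memory stand-in for the server-side table of valid tokens
# (a real deployment would keep this in its MySQL database).
# Maps sha256(token) -> {"user_id": ..., "expires": ...}
_sessions = {}

TOKEN_TTL = 30 * 24 * 3600  # assumed lifetime: 30 days in seconds


def _token_hash(token):
    """Server stores only the hash; the plain token exists only on the device."""
    return hashlib.sha256(token.encode()).hexdigest()


def issue_token(user_id, now=None):
    """Called after a successful username/password login. Returns the opaque
    token the app should store (e.g. in SharedPreferences). 256 random bits
    cannot be derived from the user id or anything else, so it cannot be forged
    or guessed; it is only valid because the server has a matching row."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    _sessions[_token_hash(token)] = {"user_id": user_id, "expires": now + TOKEN_TTL}
    return token


def authenticate(token, now=None):
    """Returns the user id for a valid, unexpired token, else None.
    A tampered or fabricated token hashes to a key with no row, so it is
    rejected exactly like an unknown one."""
    now = time.time() if now is None else now
    entry = _sessions.get(_token_hash(token))
    if entry is None or entry["expires"] <= now:
        return None
    return entry["user_id"]


def revoke_token(token):
    """Logout: deleting the server-side row invalidates the token immediately,
    something a client-stored user id or password could never offer."""
    return _sessions.pop(_token_hash(token), None) is not None
```

On the client side the Android app just keeps the returned string and sends it with every request; the server never trusts anything else in the request to identify the user.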

ashkhn

Reputation: 1620

1) and 2) should never be done, as they compromise security and anyone with read/write privileges can easily view the sensitive information.

3) could work, but not with the device id, since that can also be manipulated after rooting. I would suggest you use the userid+password+deviceid to generate a hash and store that in your database. Consequently, whenever you make any calls to your server, use this hash to authenticate the user.

About fetching the data, you need not do it every time. If the data is not very sensitive, you can store it in your shared preferences and use it to reduce network calls. You can use this to show the screen which opens on first-time usage and subsequently fetch additional data by making a network request. It would also not interfere with the user experience.

Upvotes: 1
