Android + PHP - keep user logged

Question

I want to keep the user logged in an android app (used java no kotlin).

The problem is: In my php code at each user specific operation (like: getting user profile, user messages, editting, ....), I check for user session id, and this id is save in android's SQLite when logged in, but this session doesn't remain in the server it gets deleted after 2 hours (if not used) and also it doesn't returns a unique id, when a session gets deleted, the next user logs in the same id returns to him so after two hour the first user will be logged in as a different user XD.

So what should I do ? do I instead save the username and password and at each check I login or....?

Some part of login check:

PHP Code for check user is logged in:

session_id($_POST['conKey']);
session_start();
//1- connect and check if connection key is correct
if (Model::connect() == false) {
    throw new Exception('error, could not connect to the database');
} else if (!isset($_SESSION['conKey'])) {
    throw new Exception('no connection found');
} else if ($_SESSION['conKey'] != $_POST['conKey']) {
    throw new Exception('no connection found');
}

This is how I return the session id in php when logged in

session_start();

$conKey = session_id();
if (empty($conKey)) {
    throw new Exception('Faild to start session, please make sure your app is allowed to store sessions');
}
$_SESSION['conKey'] = $conKey;
echo json_encode(['connectionKey' => $conKey]);

Java Code Part I send conKey (saved session id when logged in) from SQLite

Nakul · Accepted Answer

I would suggest different approach, instead of session ID, after successful login generate token (How to generate token in PHP).
Save this token in database, now send this generated token to android client. For every API hit check if the token matches.
Unless you delete token, android client will always be logged-in.

Android + PHP - keep user logged

Answers (2)

Related Questions