Connecting to a REST API on Android via session id cookie and not JWT

Question

I can't find anything except Retrofit about this thing. Is using cookies something Android developers don't use or why it is so hard to find any information about connecting to the REST API via using session id cookie instead of JWT?

Also most of the tutorials on the internet don't even use TLS. And don't even mention the posssibility of the user closing the app and don't having the cookie available in his next session. So, nothing about storing and retrieving the session_id string from local storage for later reuse in subsequent connections etc.

Can you suggest a native Android implementation? Some example code how to use session id cookies in Android apps and store them so the user can shut down the app and run again later and he will reuse the stored session id and send the cookie with it with the json request to the remote server.

If this is some secret information publicly not available, can you suggest some paid course on udemy or something where they do these things and teach the proper way how to store and reuse cookies in Android apps when you connect to APIs?

Answer 1

Android is different from the browser in a way that it does not manage cookies for you. A cookie is just a header. So when you get a network response, take the token from the response headers, save it somewhere (I suggest SharedPreferences), and then use it in the later requests (I suggest using okhttp's interceptors: read this or this).