How do you keep a user persistently logged in on an iPhone app?

Question

On my iPhone Facebook app I think I've only logged into it once.

On my Mint financial app, I've logged in once. whenever I load it back up, I give a four digit PIN number which was setup in the app, and I never have to log in again.

I'm building an application right now where this type of behavior would be highly beneficial.

Do they just set an auth cookie of some sort and just set it to expire way into the future? Or is there another way of handling this?

Thanks!

Answer 1

You can use the iOS KeyChain to securely store credentials as well. This can be simplified by using this code found on github ( https://github.com/ldandersen/scifihifi-iphone/tree/master/security/ ) , with some basic instructions found at http://gorgando.com/blog/tag/sfhfkeychainutils

Answer 2

I can't speak for Facebook or Mint, but the simplest approach is to use a cookie / token and store it in NSUserDefaults.

When the application is launched, see if token is still valid. If not valid, force the user to sign in again.

Answer 3

That depends on the context of your application. If you authenticate against another API, the supplier of the API usually provides you with some sort of authentication key which might expire after a certain time. You would store this key in your application once the user performs the authentication step and reuse it for every request.

Basically, the data you have to store and the time before your user has to re-authenticate (if ever) depends on the supplier of the API you're using.

Answer 4

I am taking a stab in the dark here, but:

I am assuming the login information is encrypted and then stored on the device somewhere. Upon creating a new instance of the app this data is sent to the site for all of the oauth/login/etc stuff. Once this is done the Facebook app stays on until: 1) the device is turned off, or 2) you manually quit the application.

Maybe this will start to help you, but I am sure better answers will come.