androidsessionuser-preferences

Do I need to set Session or user Preferences?


I'm working on an app that has PHP classes to connect to the web server for login and other database transactions, and SQLite serves as a local db to store user credentials.

I'm not sure if the SQLite maintains the user session or not but it keeps the login status until the user clicks on the logout button.

How would I implement the session(or something) so that the user can make other database transactions based on the user ID throughout the states?

Some say to establish session in PHP and other say to use preferences.

What would be the best solution for me?


Solution

  • Maybe I shouldn't ask that but, well, are your webservices RESTful or not ?

    If they are, I read a lot of discussions about not keeping user sessions on the server, but instead authenticate user at each request (using his credentials or more secured authorization systems).

    Otherwise, yes, you can just create PHP sessions server-side when a user is authenticating. You store the session in a specific table, containing a fk_user_id field, and you send back the session_id to the client application (android app in your case) once the authentication process is over. Then the session_id is stored (in user-preferences for example), and sent along with each request in order to retrieve who is asking data, thanks to the sessions table and its fk_user_id field.