Android with Django: How to keep user logged in
Problem description
I want to know what the methods used by popular apps are.
Here are the approaches I have considered:
- When user logs in, save username & password in shared preferences and re-use it every time (I think this will suck)
- Login on the client (app) side with Facebook SDK, pass the authentication token to the app and use that to create a user. Pass a token to the app, store this token on the phone and use it in future communications. I think it would make sense to re-create this token periodically, but how to do so without asking the user to login again?
- Create a login view. This will mean passing username and password to the API and then go with the user token.
Recommended answer
I don't think you should store user credentials in preferences.
The most common approach is to send credentials to server and then as a response get a session key. Then include the session key as a header to any request (and validate it in every request).
If the session key would become invalid (e.g. expired) then the server should return a proper response, and the client should initialize authentication functionality.
Example
First run
- Show login Activity
- Send credentials to server
- Get a session_key as a response (normally it's a hash)
- Store the session_key hash
- User is authenticated, exit the login Activity
Any request to the server
- Add a header with session_key to your request (e.g. as a header)
- Send the request
- If the response is OK, stop; else (e.g. response with message "not authorized" or status code 401) run First run
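The flow described in the answer, as an added example that is not part of the original post: a framework-free Python sketch of the server issuing and validating a session key, and of the client retrying after a 401. The header name X-Session-Key, the one-hour lifetime, the in-memory tables and the sample account are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

HEADER = "X-Session-Key"   # hypothetical header name
TTL = 3600                 # assumed session lifetime, seconds
SALT = secrets.token_bytes(16)

def pw_hash(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)

USERS = {"alice": pw_hash("constructed-password")}  # constructed sample account
SESSIONS = {}  # sha256(session_key) -> (user, expires_at); stands in for a DB table

def login(username, password, now=None):
    """Server: check credentials, return (status, session_key)."""
    now = time.time() if now is None else now
    stored = USERS.get(username)
    if stored is None or not hmac.compare_digest(stored, pw_hash(password)):
        return 401, None
    key = secrets.token_urlsafe(32)  # unguessable random value
    # Only the hash is kept server-side, so a leaked table yields no usable keys.
    SESSIONS[hashlib.sha256(key.encode()).hexdigest()] = (username, now + TTL)
    return 200, key

def handle_request(headers, now=None):
    """Server: validate the key on every request; 401 if unknown or expired."""
    now = time.time() if now is None else now
    digest = hashlib.sha256(headers.get(HEADER, "").encode()).hexdigest()
    user, expires_at = SESSIONS.get(digest, (None, 0))
    if user is None or now >= expires_at:
        SESSIONS.pop(digest, None)  # drop expired entries
        return 401, "not authorized"
    return 200, "hello " + user

def client_get(store, prompt_login, now=None):
    """Client: send the stored key; on 401 run the login step once and retry."""
    status, body = handle_request({HEADER: store.get("session_key", "")}, now)
    if status == 401:
        status, key = login(*prompt_login(), now=now)
        if status != 200:
            return status, "login failed"
        store["session_key"] = key  # only the key is stored, never the password
        status, body = handle_request({HEADER: key}, now)
    return status, body
```

Here `store` stands in for the app's local storage and `prompt_login` for the login Activity returning what the user typed.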