在Android的用户会话管理 [英] User Session Management in android
问题描述
欲保持一旦用户登录用户会话到他/她的帐户,以使它们在记录在应用程序关闭之后,即使并再次启动。搜索在谷歌和SO,人们称为共享preferences。我明白我必须保存在SP(共享preferences)用户的详细资料,但是如果用户更新他/她的数据?再加上,HTTPGET叫我送的链接来获取用户数据返回,只有当用户登录的有效数据(JSON)是SP做到这一点的唯一方法,还是有其他更有效的方法来做到这一点?
I want to maintain user session once the user logs into his/her account, so that they are logged in even after the application is closed and started again. Searching on google and SO, people referred SharedPreferences. I understand that I have to store user details in SP(SharedPreferences) , but what if user updates his/her data? Plus , the HttpGet call I send to the link to get user data returns the valid data(JSON) only when the user is logged in. Is SP the only way to do this, or is there other and more efficient way to do this?
P.S。 - 我的工作作为一个启动一个自由职业者,他们有API自己的PHP网站。我必须做出一个Android应用程序为他们的网站。要登录用户的网站,我做一个HTTP POST调用他们的API,结果我得到的是一个JSON。如果JSON包含成功价值的结果键,然后将用户登录,但只要我使用意图去到下一个活动(在那里我有通过HTTP GET来显示用户数据呼叫另一个API,它只有在用户登录的作品),会话丢失。因为我作为一个自由职业者的工作,他们真的不相信我给饼干用户会话。所以,我希望他们可以我一些其他的方式?
P.S. - I am working as a freelance for a startup, and they have API to their PHP website. I have to make an android app for their website. To log in the user to the website , I make a Http POST call to their API and the result I get is a JSON. If the JSON contains "success" value to the "result" key , then the user is logged in. But as soon as I use intent to go to the next activity(where I have to display the user data by making Http Get call to another API, which only works if the user is logged in), the session is lost. Since I work as a freelance, they don't really trust me giving cookies to user sessions. So, I was hoping their might me some other way?
推荐答案
您可以随时使用cookie,Android操作系统自动管理他们的应用程序(有,比方说,一个认证令牌?) - 只要该cookie设置正确服务器(例如,截止日期)您的应用程序应该正常工作。但是,这是一个有点老派。
You can always use cookies (with, say, an authentication token?), Android OS manages them for your app automatically - as long as the cookie is correctly set by the server (ex. expiration date) your app should work fine. But this is a little old school.
一个更现代的方法是使用OAuth或整合已经存在的登录系统(Facebook,谷歌等)来验证用户身份。
A more modern way is to use OAuth or integrate an already existing login system (Facebook, Google, etc.) to authenticate users.
使用共享preferences是这个工作一个错误的工具。它是做适当的身份验证的解决方法。有办法是值得信赖和安全,并采取各种边界情况的照顾,而它的工作需要一点点的建立,这是一个更好的选择,海事组织。
Using Shared Preferences is a wrong tool for this job. It's a workaround for doing proper authentication. There are ways that are trustworthy and secure and take care of all kinds of edge cases, and while it takes a little bit of work to set up, it's a much better option, IMO.
这篇关于在Android的用户会话管理的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
