我需要在Android应用程序中使用PHP会话吗? [英] Do I need to use PHP sessions in my Android app?
问题描述
我创建了一个与PHP Web服务器通信的Android应用程序.它们都互相发送JSON.我的应用程序快要完成了,但是还有一件事要做:身份验证.
I have created an Android app that communicates with a PHP web server. They both send JSON to each other. My app is almost finished, however there is one thing left to do: authentication.
由于用户的用户名和密码将存储在Android SharedPreferences中,假设用户不需要在每次请求时都输入用户名/密码,是否有必要使用PHP会话?
Since the user's username and password will be stored in Android SharedPreferences, is there any need to use PHP sessions, given that the user won't need to enter the username/password at every request?
由于我只能在每个请求的HTTP POST标头中发送用户名和密码,并且我将使用SSL,这就足够了吗?我想我可以在标头中添加一个名为"random"的额外字段,该字段仅添加一个随机值,用作盐,以便每次加密的SSL有效负载都不同.
Since I can just send the username and password in the HTTP POST header for every request, and that I will be using SSL, is this sufficient? I guess I could add an extra field in the header called 'random' that just adds a random value, just to use as a salt so that the encrypted SSL payload will be different every time.
我不想使用会话的原因是我的Android应用要么必须处理Cookie,要么需要管理会话ID的存储.
The reason why I don't want to use sessions is that my Android App would either have to handle cookies, or managed the storage of the session ID.
如果使用上述方法有一些严重的弊端,那么我很乐意使用会话.
If there are some serious cons to using my method above, then I'm more than happy to use sessions.
推荐答案
我认为Google已经提出了很多想法,因此做与他们类似的事情并不是一个坏主意.如果您看看他们的工作方式
I think Google have given this a lot of thought, so doing something similar to what they do wouldn't be a bad idea. If you look at the way they do their
- 登录过程,即
https://accounts.google.com/o/oauth2/auth
尤其是他们的
- 令牌刷新,即
https://accounts.google.com/o/oauth2/token
这听起来有些矫kill过正,但是您可能会想到一些对您自己的实现有价值的想法.
it might feel like overkill, but you might come away with some ideas that could be valuable to your own implementation.
糟糕,几乎忘记了文档链接: https://developers.google.com/account/docs/OAuth2
oops, almost forgot the documentation link: https://developers.google.com/accounts/docs/OAuth2
这篇关于我需要在Android应用程序中使用PHP会话吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
