如何保持Android的登录会话 [英] how to maintain android login session

问题描述

您好我见过几个方法来保持在android系统的登录会话像使用共享preferences和序列化饼干DefaultHttpClient。
我有一个Android应用程序，与我的服务器来获取用户的信息，他们必须登录后交流。我只希望用户，直到会话已过期登录一次。

Hi i've seen several way to maintain a login session in android like using SharedPreferences and Serializable cookies in DefaultHttpClient. I have an android app that communicate with my server to retrieve the user's information after they have logged in. I only want the user to login once until the session has expired.

使用共享preferences存储用户ID和密码似乎很容易，但看起来不安全我。我希望任何人在这个更好的体验给我的共享preferences是好还是DefaultHttpClient饼干比较好一些评论（也许有这样做这两旁边的另一种方式）。

Using the SharedPreferences to store userID and password seems easy but looks insecure for me. I hope anyone with better experience on this to give me some comment on whether SharedPreferences is better or DefaultHttpClient cookies is better ( Or perhaps there is another way of doing this beside this two) .

推荐答案

我建议你使用令牌，而不是存储这些类型的机密信息。
在你的服务器端，检查是否给定的数据{用户名和密码}进行校正是。然后生成一个截止日期，让您在您的应用程序识别用户的唯一哈希值。

I suggest you to use tokens instead of store those kind of confidential information. At your server side, check if given data {user and password} are corrects. then generate a unique hash with an expiration date which allows you to identify the user at your app.

这篇关于如何保持Android的登录会话的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！