Android的HTTP登录问题 [英] Android HTTP login questions

问题描述

我有关于Android中实现登录功能的一些问题。

1。机器人是否有这样的会议或饼干什么？我应该如何记住用户正在loged吗？很显然，我不想要求输入密码每次我的应用程序中使用的时间！

2。我应该散列密码发送到服务器之前？我有一个表在我与一个用户和密码栏数据库。当我要检查登录，我应​​该送散列到服务器的密码，如的login.php U =雪橇和​​放大器;如p = 34819d7beeabb9260a5c854bc85b3e44 ，或只是简单的文本的login.php U =雪橇和​​放大器; P =输入mypassword 以及散在服务器上之前，我进行身份验证

解决方案

  

机器人是否有这样的会议或饼干什么？

是的。有两个替代方案。

选项＃1：

您可以使用 CookieManager 设置你的Cookie。

选项＃2：

另一种方法（我使用这种替代在我的应用程序之一）就是抓住你的Cookie您发送您的用户名和密码后，到服务器（例如，通过 HttpPost 或 HTTPGET ）。在你的问题您使用的登录验证的 $ _ GET 的风格，所以我的例子code将使用 HTTPGET 。

样品$ C $用c HTTPGET ：

 的HttpParams的HttpParams =新BasicHttpParams（）;

//这是一件好事，设置它们应尝试连接。在这
//这例如五秒钟。
HttpConnectionParams.setConnectionTimeout（的HttpParams，5000）;
HttpConnectionParams.setSoTimeout（的HttpParams，5000）;

DefaultHttpClient postClient =新DefaultHttpClient（的HttpParams）;
//您的网址使用$ _GET风格。
最终的字符串URL =www.yourwebsite.com/login.php?u=myusername&p=mypassword;
HTTPGET HTTPGET =新HTTPGET（URL）;
HTT presponse响应;

尝试 {
    //执行你的HTTPGET对服务器，赶上回应我们
    // Htt的presponse。
    响应= postClient.execute（HTTPGET）;

    //检查是否一切顺利。
    如果（response.getStatusLine（）的getStatus code（）== 200）{
        //如果是的话，抢的实体。
        HttpEntity实体= response.getEntity（）;

        //如果实体不为空，从响应抢CookieStore的。
        如果（实体！= NULL）{
            CookieStore的饼干= postClient.getCookieStore（）;
            //做一些更多的东西，这也许应该是，你是个方法
            //返回CookieStore的。
        }
    }

}赶上（例外五）{
}
 

现在，当你有你的的CookieStore ;抢Cookie的列表，从中后，您可以使用 饼干 ，以确定名称，域值等...

您尝试访问您的网站的锁定的内容下一次;设置cookie到您的的HttpURLConnection 从饼干信息：

 网​​址URL =新的URL（www.yourwebsite.com/lockedcontent.php）;

HttpURLConnection的HttpURLConnection的=（HttpURLConnection类）url.openConnection（）;

httpURLConnection.setInstanceFollowRedirects（假）;
//主机和曲奇是在HTTP响应字段。使用Wireshark
//通过您的计算机，以确定正确的头名。
httpURLConnection.setRequestProperty（主机，domainOfYou​​rCookie）;
httpURLConnection.setRequestProperty（曲奇，valueOfYou​​rCookie）;

最终诠释响应code = httpURLConnection.getResponse code（）;

//而获得的内容...
 

  

我应该散列密码发送到服务器之前？

取决于你的系统设计。发送时给你的服务器必须有正确的信息。这也取决于你如何散列您的信息在你的PHP文件。

  

我应该如何记住用户正在loged吗？

存储在共享preferences 什么的信息。就像我刚才说的，你可以散列它，如果你登录系统设计正确 - 这取决于你如何散列在你的PHP文件。

Hey guys, I have a few questions about implementing a login feature in Android.

1. Does android have anything like sessions or cookies? How should I 'remember' that the user is loged in? Obviously I don't want to ask for the password every time my application is used!

2. Should I hash the password before sending it to the server? I have a table in my database with a user and password column. When I want to check the login, should I send the password hashed to the server like login.php?u=sled&p=34819d7beeabb9260a5c854bc85b3e44, or just plain text like login.php?u=sled&p=mypassword and hash it on the server before I perform the authentication?

解决方案

Does android have anything like sessions or cookies?

Yes. There are two alternatives.

Option #1:

You can use CookieManager to set your cookie.

Option #2:

The other alternative (I'm using this alternative in one of my applications) is to grab your cookie after you've sent your username and password to the server (e.g. via HttpPost or HttpGet). In your question you're using $_GET style of your login authentication, so my sample code will be using HttpGet.

Sample code using HttpGet:

HttpParams httpParams = new BasicHttpParams();   

// It's always good to set how long they should try to connect. In this
// this example, five seconds.
HttpConnectionParams.setConnectionTimeout(httpParams, 5000);
HttpConnectionParams.setSoTimeout(httpParams, 5000);

DefaultHttpClient postClient = new DefaultHttpClient(httpParams);           
// Your url using $_GET style.
final String url = "www.yourwebsite.com/login.php?u=myusername&p=mypassword";
HttpGet httpGet = new HttpGet(url);
HttpResponse response;

try {   
    // Execute your HttpGet against the server and catch the response to our
    // HttpResponse.
    response = postClient.execute(httpGet);

    // Check if everything went well.
    if(response.getStatusLine().getStatusCode() == 200) {   
        // If so, grab the entity.          
        HttpEntity entity = response.getEntity();

        // If entity isn't null, grab the CookieStore from the response.
        if (entity != null) {
            CookieStore cookies = postClient.getCookieStore();  
            // Do some more stuff, this should probably be a method where you're
            // returning the CookieStore.    
        }                   
    }

} catch (Exception e) {
}

Now when you have your CookieStore; grab a list of cookies from it and after that you can use Cookie to determine the name, domain, value etc...

Next time you're trying to access "locked" content of your website; set a cookie to your HttpURLConnection from your Cookie information:

URL url = new URL("www.yourwebsite.com/lockedcontent.php");

HttpURLConnection httpURLConnection = (HttpURLConnection) url.openConnection();

httpURLConnection.setInstanceFollowRedirects(false);
// "Host" and "Cookie" are fields in the HTTP response. Use WireShark
// via your computer to determine correct header names.
httpURLConnection.setRequestProperty("Host", domainOfYourCookie);
httpURLConnection.setRequestProperty("Cookie", valueOfYourCookie);

final int responseCode = httpURLConnection.getResponseCode();

// And get the content...

Should I hash the password before sending it to the server?

Depends on how your system is designed. You must have correct information when sending it to your server. This also depends on how you're hashing your information in your .php file.

How should I 'remember' that the user is loged in?

Store the information in a SharedPreferences or something. Like I said earlier, you can hash it if your login system is correctly designed - this depends on how you're hashing it in your .php file.

这篇关于Android的HTTP登录问题的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！