How to manage session for a user logged in from mobile app in PHP?


Problem description

I'm a PHP programmer by profession. So, I don't have any idea about iOS and Android coding.

The scenario is there is one website developed using a Social Networking PHP software titled "PHPFox".

Now there are two similar mobile apps which exactly replicate the functionality of this website. One mobile app is in iOS and another is in Android.

So, I've written a set of RESTful APIs where I'm accepting the request from the mobile app, parse the request, pass the request parameters to the function which does the same job for the website, get the response from this function, convert it into JSON format and send it back to the mobile app. For the iOS and Android apps I'm using the same set of REST API files.

When the user logs in, the REST API for login gets called. Eventually the PHPFox function for authentication gets called, and a security token is generated along with some other user data. With every login a different security token is generated by PHPFox. This data is set into the session. Now every time I call any of the functions through any REST API file, the security token generated at the time of login is verified, and only upon successful verification of the token does the PHPFox function get called. This verification process is done internally by PHPFox. So there is no need to pass the security token explicitly or implicitly to any REST API call.

Till now everything is working fine.

My doubt starts from here. I don't know whether the session is maintained in iOS/Android app. So, if session on server i.e. PHPFox gets timed out then what will happen to the app? Will it crash? Will the user have to login again? If user kills the app on the device and again comes to the app, does he/she have to do the login process again?

There are too many doubts in my mind. I get totally confused with these things.

Can someone please put more focus on the issue I'm facing? It would be really great if you could explain in detail.

Thanks.

Recommended answer

REST is sessionless by its nature. You need to generate a token when the user logs in. You must save this token on your mobile client. For every request, you need to attach a valid token in the request header and check it on the server side. If the token expires, the token stored on the client is not valid. So, you need to log in again because of the 401 response. If the token is not correct, you need to respond with 400. I hope that I'm helpful for you.
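
The flow the answer describes, as an added example that is not part of the original answer or of PHPFox: the login endpoint issues an HMAC-signed token with an expiry, and every other endpoint checks it from the request header. The `Authorization: Bearer` header, the function names, the secret and the lifetime are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Assumptions: secret and lifetime are constructed demo values; load the real
// secret from server-side configuration, never ship it inside the app.
const TOKEN_SECRET = 'constructed-demo-secret';
const TOKEN_TTL = 3600; // seconds

function b64url(string $bin): string
{
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

// Called by the login endpoint after the credentials were verified.
function issueToken(int $userId, int $now): string
{
    $payload = b64url(json_encode(['uid' => $userId, 'exp' => $now + TOKEN_TTL]));
    return $payload . '.' . b64url(hash_hmac('sha256', $payload, TOKEN_SECRET, true));
}

// Returns [HTTP status, user id or null]. Status codes follow the answer:
// 400 for a missing or incorrect token, 401 for an expired one.
function checkToken(?string $authHeader, int $now): array
{
    if ($authHeader === null
        || !preg_match('/^Bearer ([\w-]+)\.([\w-]+)$/D', $authHeader, $m)) {
        return [400, null];
    }
    // Verify the signature before trusting anything inside the payload.
    $expected = b64url(hash_hmac('sha256', $m[1], TOKEN_SECRET, true));
    if (!hash_equals($expected, $m[2])) {
        return [400, null];
    }
    $claims = json_decode((string) base64_decode(strtr($m[1], '-_', '+/')), true);
    if (!is_array($claims) || !is_int($claims['uid'] ?? null) || !is_int($claims['exp'] ?? null)) {
        return [400, null];
    }
    return $now >= $claims['exp'] ? [401, null] : [200, $claims['uid']];
}

// Constructed walk-through: valid, expired, tampered and missing token.
$t0 = 1700000000;
$token = issueToken(42, $t0);
$tampered = substr($token, 0, -1) . ($token[-1] === 'A' ? 'B' : 'A');
$cases = ['valid' => ["Bearer $token", $t0 + 60], 'expired' => ["Bearer $token", $t0 + TOKEN_TTL],
          'tampered' => ["Bearer $tampered", $t0 + 60], 'missing' => [null, $t0 + 60]];
foreach ($cases as $name => [$header, $now]) {
    printf("%-8s -> HTTP %d\n", $name, checkToken($header, $now)[0]);
}
```

In a real endpoint the header value would come from `$_SERVER['HTTP_AUTHORIZATION']` and `$now` from `time()`. On the device the token belongs in the platform's secure storage (Keychain on iOS, Keystore-backed storage on Android) and should only be sent over HTTPS.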
