
I'm a complete newbie to Android and to client-server communication.
I'm making an Android app in which I need to log in (like any social network). I already made the registration activity, saving data with MySQL in my DB. The problem comes with the login. I can verify whether the username and password are correct, but in order not to have to log in again until the server session is closed, I need to save the PHPSESSID from the server and check it every time I want to see a "protected" activity like the Home of my social network or the profile.
If the session cookie is no longer on the server, I need to log in again so that a new session cookie will be created.
My questions are:
How can I get the PHPSESSID from the login script?
Is it correct to save it in the SharedPreferences in order to send it to the server to be checked?
Here's my code until now:

```java
import java.io.BufferedReader;
import java.io.BufferedWriter;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.io.OutputStreamWriter;
import java.io.UnsupportedEncodingException;
import java.net.HttpURLConnection;
import java.net.URL;
import java.net.URLEncoder;
import java.util.HashMap;
import java.util.Map;

// Sends the parameters as a form-encoded POST and returns the first line of the response body.
public String sendPostRequest(String requestURL, HashMap<String, String> postDataParams) {

    URL url;
    String response = "";
    try {
        url = new URL(requestURL);

        HttpURLConnection conn = (HttpURLConnection) url.openConnection();
        conn.setReadTimeout(15000);
        conn.setConnectTimeout(15000);
        conn.setUseCaches(true);
        conn.setRequestMethod("POST");
        conn.setDoInput(true);
        conn.setDoOutput(true);

        // Write the URL-encoded form body.
        OutputStream os = conn.getOutputStream();
        BufferedWriter writer = new BufferedWriter(
                new OutputStreamWriter(os, "UTF-8"));
        writer.write(getPostDataString(postDataParams));

        writer.flush();
        writer.close();
        os.close();
        int responseCode = conn.getResponseCode();

        // HTTP_OK is declared on HttpURLConnection, so no HttpsURLConnection import is needed.
        if (responseCode == HttpURLConnection.HTTP_OK) {
            BufferedReader br = new BufferedReader(new InputStreamReader(conn.getInputStream()));
            response = br.readLine();
        } else {
            response = "Error";
        }
    } catch (Exception e) {
        e.printStackTrace();
    }

    return response;
}

// Builds "key1=value1&key2=value2" with both keys and values URL-encoded.
private String getPostDataString(HashMap<String, String> params) throws UnsupportedEncodingException {
    StringBuilder result = new StringBuilder();
    boolean first = true;
    for (Map.Entry<String, String> entry : params.entrySet()) {
        if (first)
            first = false;
        else
            result.append("&");

        result.append(URLEncoder.encode(entry.getKey(), "UTF-8"));
        result.append("=");
        result.append(URLEncoder.encode(entry.getValue(), "UTF-8"));
    }

    return result.toString();
}
```
  • You shouldn't use cookies for authentication and authorization to your mobile API. Learn about [OAuth](https://www.sitepoint.com/creating-a-php-oauth-server/) instead. – Bartosz Zasada Nov 10 '16 at 10:26
  • @MadDog I mean the session cookie. I mean PHPSESSID. Sorry for my English, but I'm Italian – Gianluca Ceccoli Nov 10 '16 at 10:28
  • Your English is ok, I understood your question. My point is, your approach is wrong. Cookies and sessions should only be used for authentication/authorization for web pages. APIs for mobile applications should use OAuth or some other stateless protocol. – Bartosz Zasada Nov 10 '16 at 12:15
  • @MadDog Can I ask why? Why can't I get the PHPSESSID the first time I log in and then ask for it when I try to see the homepage? – Gianluca Ceccoli Nov 10 '16 at 13:08
  • http://stackoverflow.com/questions/319530/restful-authentication – Bartosz Zasada Nov 11 '16 at 08:12

0 Answers
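The cookie round trip the question asks about, as an added example that is not part of the original thread: `java.net.CookieManager` stores the `PHPSESSID` from a login response and decides which later requests get it back. The host, paths, cookie values and the logout response are constructed, and the class and method names are hypothetical.

```java
import java.net.CookieHandler;
import java.net.CookieManager;
import java.net.HttpCookie;
import java.net.URI;
import java.util.Collections;
import java.util.List;
import java.util.Map;

public class SessionCookieDemo {
    // Returns the PHPSESSID held in the cookie store for this URI, or null if none.
    static String sessionIdFor(CookieManager cm, URI uri) {
        for (HttpCookie c : cm.getCookieStore().get(uri)) {
            if ("PHPSESSID".equals(c.getName())) {
                return c.getValue();
            }
        }
        return null;
    }

    // Wraps one Set-Cookie line in the header map shape CookieManager.put expects.
    static Map<String, List<String>> setCookie(String value) {
        return Collections.singletonMap("Set-Cookie", Collections.singletonList(value));
    }

    public static void main(String[] args) throws Exception {
        CookieManager cm = new CookieManager(); // default policy: original server only
        // Installed once at app start, this makes every HttpURLConnection store
        // Set-Cookie headers and attach the matching Cookie header by itself.
        CookieHandler.setDefault(cm);

        // Constructed login response (assumption: the server sets Secure and HttpOnly).
        URI login = URI.create("https://api.example.test/login.php");
        cm.put(login, setCookie("PHPSESSID=constructed123; path=/; Secure; HttpOnly"));

        // The session id is available for HTTPS requests to the same host...
        System.out.println("https: "
                + sessionIdFor(cm, URI.create("https://api.example.test/home.php")));
        // ...and withheld from plain HTTP because the cookie is marked Secure.
        System.out.println("http:  "
                + sessionIdFor(cm, URI.create("http://api.example.test/home.php")));

        // Constructed logout response: Max-Age=0 removes the cookie from the store,
        // so a null result is the signal to show the login screen again.
        cm.put(login, setCookie("PHPSESSID=deleted; path=/; Max-Age=0"));
        System.out.println("after logout: "
                + sessionIdFor(cm, URI.create("https://api.example.test/home.php")));
    }
}
```

The default cookie store is in memory only, so the session does not survive a process restart unless a persistent `CookieStore` implementation is passed to the `CookieManager` constructor.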