即使用户强行退出Ionic / Cordova应用程序,如何保持登录状态?
[英]How to stay logged in even when user force quits the app with Ionic / Cordova?
问题描述
A common piece of functionality for native mobile applications is the ability to stay logged in even if the user closes the application in question (see eg the Facebook app on iOS). 
本机移动应用程序的一个常见功能是即使用户关闭相关应用程序也能保持登录状态(例如,参见iOS上的Facebook应用程序)。
How can this be achieved for a Cordova / Ionic / PhoneGap app authenticating against a Rails backend via username/password? 对于通过用户名/密码对Rails后端进行身份验证的Cordova / Ionic / PhoneGap应用程序,如何实现这一目标?
I'm using the devise_token_auth gem to facilitate authentication against Rails if that makes a difference. 我正在使用devise_token_auth gem来促进对Rails的身份验证,如果这有所不同的话。
3 个解决方案
解决方案1
7 2015-04-13 07:20:26
I've been thinking about this lately and I think I have an effective solution. 我最近一直在考虑这个问题,我认为我有一个有效的解决方案。 I don't know anything about Rails but the idea should transfer. 我对Rails一无所知,但这个想法应该转移。 I only have experience in Mongo for a database so bear with me. 我只有Mongo的数据库经验所以请耐心等待。
Every device has a unique identifier that can be retrieved in Cordova with device.uuid ( from the Cordova plugin ) or getUUID() ( if you're using ngCordova ). 每个设备都有一个唯一的标识符,可以使用device.uuid( 来自Cordova插件 )或getUUID()( 如果您使用的是ngCordova )在Cordova中检索。 This id is only guaranteed to be unique for each platform, although it is likely to be unique across all, so you should add the platform and model to your unique identifier for good measure. 此ID仅保证对于每个平台都是唯一的,尽管它可能在所有平台上都是唯一的,因此您应该将平台和模型添加到您的唯一标识符中以获得良好的衡量标准。
var deviceId = device.platform + device.model + device.uuid;
Now we have created a truly unique id that will never change and you don't have to deal with local storage. 现在我们已经创建了一个永远不会改变的真正独特的ID,您不必处理本地存储。
Now imagine you have a collection or table of devices in your database that look something like this with the following key-value pairs. 现在假设您的数据库中有一个设备集合或表,它们看起来像这样,具有以下键值对。
{
device: DEVICEID;
loggedIn: true;
userId: USERID;
}
Now when the app starts up grab the deviceId from the device and send it to your server to search for it. 现在,当应用程序启动时,从设备中获取deviceId并将其发送到您的服务器以进行搜索。 This will likely be different for you, just a simple key-value search. 这可能与您不同,只是一个简单的键值搜索。
var result = Devices.find({device: deviceId}).fetch();
In Mongo this will return an array of the results, there should only be one result though. 在Mongo中,这将返回一个结果数组,但应该只有一个结果。 Now we check to see if they were previously logged in and grab the userId. 现在我们检查他们以前是否已登录并获取userId。
var loggedIn = result[0].loggedIn;
var user = result[0].userId;
If they were logged out before or there were no results, take them to the login page. 如果他们之前已注销或没有结果,请将他们带到登录页面。 If they were logged in, run the normal login procedures automatically. 如果他们已登录,请自动运行正常的登录过程。 The user id can be a sort of pointer to an object in another collection. 用户id可以是指向另一个集合中的对象的指针。
This is how I think I would do it, alternatively you can have the user object have the device id as a key, but a user can have multiple devices so it would have to be an array of keys, and I'm not sure how to search for that right now. 这就是我认为我会这样做,或者你可以让用户对象将设备ID作为键,但是用户可以有多个设备,所以它必须是一个键数组,我不知道如何现在搜索。 Adding new devices would be as simple as adding the unique id to the collection and pointing it to the user. 添加新设备就像将唯一ID添加到集合并将其指向用户一样简单。
Every time the app opens, it will check the device id and see if the user is logged in on the device. 每次应用程序打开时,它都会检查设备ID并查看用户是否已登录设备。 You can show a splash screen while this is happening. 发生这种情况时,您可以显示启动画面。
Now if the user selects log out from settings you can update the database to reflect that and the next time they go to the app they will be logged out. 现在,如果用户从设置中选择退出,您可以更新数据库以反映该数据库,并且下次他们转到应用程序时,他们将被注销。
I hope my thoughts could be of assistance. 我希望我的想法可以提供帮助。
EDIT: I was thinking it might be better to delete the device object from the collection every time they log out instead of just setting the loggedIn, this way if they are getting rid of the device it won't remain in your collection. 编辑:我认为每次他们退出时从集合中删除设备对象可能会更好,而不是仅仅设置loggedIn,这样如果他们摆脱了设备,它将不会保留在你的集合中。 I'm not sure how removing objects often will impact the performance of the database though, but users don't log out of devices too often as far as I can tell so it shouldn't be too much of an issue. 我不确定删除对象通常会如何影响数据库的性能,但是就我所知,用户不会经常退出设备,所以它不应该是一个太大的问题。
This brings up another point though, used devices. 这提出了另一个观点,即使用过的设备。 This is an easy remedy though, every time a user logs in on an already existing device, update the userId key to the new user if it changed. 这是一个简单的补救措施,但每次用户登录现有设备时,如果新用户发生更改,请将userId键更新为新用户。
FURTHER EDIT (because I can't comment): On local storage/caching and why it's dangerous. 进一步编辑(因为我无法评论):在本地存储/缓存以及为什么它是危险的。 The only thing that you could in local storage to automatically log someone in automatically would be their account credentials, which is highly sensitive information and should never be stored locally (passwords shouldn't be stored remotely either but hashing is a separate subject). 您可以在本地存储中自动自动登录某人的唯一方法是他们的帐户凭据,这是高度敏感的信息,不应该存储在本地(密码不应远程存储,但散列是一个单独的主题)。 You would never store their password in cache, you could make up some secret key and store it but anything accessible locally can be read by someone and potentially replicated on another device. 您永远不会将其密码存储在缓存中,您可以组成一些密钥并存储它,但本地可访问的任何内容都可以被某人读取并可能在另一台设备上复制。 The device id information would be much harder to fake. 设备ID信息将更难伪造。
解决方案2
6 2015-04-16 09:23:29
Sorry, I'm unable to comment (need 50 rep) but I think using localStorage is a valid option here. 对不起,我无法评论(需要50个代表),但我认为使用localStorage是一个有效的选项。 You can create a JSON Web Token (JWT) and store it in cache. 您可以创建JSON Web令牌(JWT)并将其存储在缓存中。
On Android, unless you explicitly clear cache of your app by going into Settings, the app will keep your user logged in (ie not kill your cache) even if you Force Stop it or remove it from the multi-tasking pane. 在Android上,除非您通过进入“设置”明确清除应用程序的缓存,否则应用程序将保持您的用户登录(即不会终止缓存),即使您强制停止它或从多任务窗格中删除它也是如此。 I'm not sure how it works in iOS. 我不确定它在iOS中是如何工作的。
I highly recommend this amazing Cache Wrapper by jmdobry 我强烈推荐jmdobry这个惊人的Cache Wrapper
Also, there are amazing third-party libraries that can handle authentication for you: 此外,有惊人的第三方库可以为您处理身份验证:
- Auth0 (personal recommendation) Auth0 (个人推荐)
- Firebase User Authentication Firebase用户身份验证
I hope this helps! 我希望这有帮助! Good luck. 祝好运。
解决方案3
0 2016-06-09 17:32:37
Not very secure, but you could use Cordova/JS friendly localStorage.. 不是很安全,但你可以使用Cordova / JS友好的localStorage ..
if ( logged_in_successfully ) {
localStorage.setItem("email", email)
localStorage.setItem("password", password)
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.