What is the best practice to keep a phone app logged in? Is the token approach safe?

Right now I'm learning how to develop apps in Android and I would like to keep the user logged in even after the app is closed. I read here that I can use the Android device ID and a sent token to keep the user logged in. However, if later I decide to expand my application to iOS, Windows or other operating systems, is this approach still going to work? Is it safe to just use a token to make the authentication? If so, how strong (how many characters) should the token be?

Thanks in advance

Use Shared Preferences to save the data in your phone and clear the saved data when you want to log out.

    private ProjectUtils utils;
    private SharedPreferences pref;
    private SharedPreferences.Editor editor;

    // Open the app-private preferences file
    pref = getApplicationContext().getSharedPreferences("login_credential", MODE_PRIVATE);

    // SharedPreferences: save the login state and user details after a successful login
    editor = pref.edit();
    editor.putBoolean("login_status", true);
    editor.putString("user_id", String.valueOf(userId));
    // Note: this value is written as plaintext into the preferences file
    editor.putString("password", String.valueOf(passwd));
    editor.putString("boy_id", String.valueOf(loginPojo.getBoyDetails().getBoyId()));
    editor.putString("boy_name", loginPojo.getBoyDetails().getBoyName());
    editor.putString("boy_age", loginPojo.getBoyDetails().getBoyAge());
    editor.putString("boy_phone", String.valueOf(loginPojo.getBoyDetails().getBoyPhone()));
    editor.putString("boy_dlno", loginPojo.getBoyDetails().getBoyDlno());
    // editor.putString("boy_user_id", email);
    editor.commit();

The above code is for saving the data in a unique key.

    // On the splash screen: route by the saved login flag
    if (pref.getBoolean("login_status", false)) {
        Intent intent = new Intent(SplashScreen.this, MainActivity.class);
        startActivity(intent);
        Log.e("LOGIN", "Yes");
    } else {
        Intent intent = new Intent(SplashScreen.this, LoginActivity.class);
        startActivity(intent);
        Log.e("LOGIN", "No");
    }

Well, you have to store the user in the device and check every time the app opens whether it is still there or not! Here's an example.

In case the login is done through a web request API, inside the OnSuccessResponse of the web request I make a new object of my User model class and then save it using SharedPreference! I use a very awesome SharedPreference library called Hawk for that!

    // code..
    @Override
    public void onResponse(JSONObject response) {
        Gson gson = new Gson();
        try {
            UserModel user = gson.fromJson(response.getJSONObject("customer").toString(), UserModel.class);
            Hawk.put("user", user); // here I save the user object
            Toasty.success(context, "Login was a success", Toast.LENGTH_SHORT).show();
            Intent i = new Intent(context, MyHome.class);
            context.startActivity(i);
        } catch (JSONException e) {
            e.printStackTrace();
        }
    }
    // code..

Now when the user logs out, just delete the object!

     Hawk.remove("user");
     Intent i = new Intent(UserSettings.this, LoginActivity.class);
     UserSettings.this.startActivity(i);

When the app opens again, check inside the first screen that shows. In my case it's the Splash screen!

    UserModel user = Hawk.get("user");
    Intent intent;
    if (user != null) // if the user is null then the user was deleted from the logout process!
        intent = new Intent(Splash.this, MyHome.class);
    else
        intent = new Intent(Splash.this, LoginActivity.class);
    startActivity(intent);
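
The token approach the question asks about, as an added example that is not part of the original posts or of any answer's code: a server-side store that issues a 256-bit random token after login, keeps only its hash, and revokes it on logout, so the device holds a token instead of a password. It assumes plain Java 16+, and the class name `SessionTokens`, the 30-day lifetime and the sample user id are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.time.Instant;
import java.util.Base64;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical server-side session store; every name here is an assumption.
public class SessionTokens {
    private static final SecureRandom RNG = new SecureRandom();
    private static final long TTL_SECONDS = 30L * 24 * 3600; // assumed 30-day lifetime
    private record Session(String userId, Instant expires) {}
    // Keyed by SHA-256(token), so a leaked table holds no usable tokens.
    private final ConcurrentHashMap<String, Session> sessions = new ConcurrentHashMap<>();

    private static String sha256(String token) throws Exception {
        byte[] d = MessageDigest.getInstance("SHA-256")
                .digest(token.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(d);
    }

    // Called once after the password check succeeds; the app stores only this value.
    public String issue(String userId) throws Exception {
        byte[] raw = new byte[32]; // 256 random bits, 43 URL-safe characters
        RNG.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        sessions.put(sha256(token), new Session(userId, Instant.now().plusSeconds(TTL_SECONDS)));
        return token;
    }

    // Returns the user id for a live token, or null if unknown, expired or revoked.
    public String verify(String token) throws Exception {
        Session s = token == null ? null : sessions.get(sha256(token));
        if (s == null || Instant.now().isAfter(s.expires())) return null;
        return s.userId();
    }

    // Logout: revoke on the server as well as deleting the value on the device.
    public void revoke(String token) throws Exception {
        if (token != null) sessions.remove(sha256(token));
    }

    public static void main(String[] args) throws Exception {
        SessionTokens store = new SessionTokens();
        String token = store.issue("user-42"); // constructed sample user id
        System.out.println(token.length() + " chars, live=" + (store.verify(token) != null));
        store.revoke(token);
        System.out.println("after logout, live=" + (store.verify(token) != null));
    }
}
```

The app sends the token with each request and treats a null result from `verify` as logged out, which works the same way on Android, iOS or any other client.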
