Log out user from Android app when user signs in on website

Question

I have an Android app and a website that offer the same content to a user. I'm trying to accomplish the following:

If a user signs in on the website the Android app should sign him out automatically and if the user signs into their account from the Android app then the website should sign them out. This is to make sure at one time the user can access either the web app or the Android app, not together.

I'm looking for best practices and solutions to accomplish this.

Here's what I have come up with:

When the user logs in either from Android or website I update a field in the database called "login_device" this will be either "web" or "mobile" depending on the situation.

If "login_device" is "mobile" and the user logs in from the website it will change to "web" and the Android app will log out the user.

If "login_device" is "web" and the user logs in from the Android app, this value changes to "mobile" and the user is logged out from the web.

Also, I have created a web service called "ping" for the Android app.

But, in this approach there would be a need for the Android app to maintain a constant connection with the server to check the value of "login_device".

Here's the ping service code:

<?php

    require_once 'transact/info.php';
    require_once 'transact/database.php';
    require_once 'transact/func.php';

    $data = file_get_contents('php://input');
    $json = json_decode($data);

    $id = mysql_real_escape_string($json->{'user_id'});

    $query = 'select login_device from users where id = '.$id;
    $result=mysql_query($query) or die('error getting admin details : '.mysql_error());
    $row = mysql_fetch_array($result);

    $array = array("login_device" => $row['login_device']);
    print( json_encode($array));
?>

So, my questions are:

Q - In this approach how can I maintain a constant connection with the sever to check the value of "login_device:

Q - Is there a better and more standard way of trying to accomplish the above?

Thanks for helping out!

Answer 1

Q - In this approach how can I maintain a constant connection with the sever to check the value of "login_device:

Define a standard time interval in which even if someone logins to the website, they dont really have enough time to break any rules (according to what your apps are doing) (for example 10 seconds), and ping the website in this interval. The architecture of the mobile apps is usually based on REST technologies. That said, there is no really permanent connection. The closer you can get is very close together pings. So, you only need to define "how often is often enough for me"

Q - Is there a better and more standard way of trying to accomplish the above?

No, because this is not a usual requirement. Most applications/websites right now do not disallow permanent usage from multiple devices. So how you have started doing it seems like the best solution

Answer 2

Have you considered building a website using node.js and then turning it into a mobile app by wrapping it in Phone Gap and XCode to turn it into Droid and iOS apps respectively. Node.js will keep a synchronous connection open to your app, which will allow push events when the login status of the user changes.