Logging into a website from android

Question

Basically I have a form in my android app that lets the user enter his/her username and password and then this is POSTED to a very simple login page made in PHP online. I then need to access a second pae which pulls down data from an xml file - in order to access this page the user must be logged in. The xml page that the user sees is dependent of their username.

On my login page I have

session_start();
session_register("username");

At the beginning of each page that checks login I have

<?php
session_start();
?>

and to check if the user is logged in I use a simple if statement

if(!session_is_registered("username")){?> 
display whatever

else bla

How can I make this work in my android application? I am unable to go to the xml page after I have logged in because it does not recognise me as being logged in.

Answer 1

Firstly, perform the login using a web browser to ensure it works ok. Then do the same thing again, and use something like Live Http Headers or Charles Proxy to examine the request and response headers. I imagine there will be some kind of session cookie passed back and forth after a successful login. You would need to read the cookie from the response of a successful login and send it back with the request for your XML page.

EDIT
There is a simple example of performing a post with a cookie using HttpClient and another using HttpsUrlConnection in my question and answer in this thread .

Answer 2

If it's a single retrieval, why bother with sessions? Have the website serve the XML file as direct response to the request with the user credentials by the application.

If you need to use sessions for some reason, you need to search the reply to the POST request for the session id and deliver the session id with your request for the XML data. The session id is likely in the cookies, it can also be in the hyperlinks of the page (depends on how you setup your login).

Answer 3

PHP sessions are implemented with cookies. Whenever you call session_start() , the response includes a Set-Cookie header which sets a browser cookie containing the PHP session ID. By default (and unless you have renamed the cookie with the session.name PHP configuration option ), the name of the cookie is PHPSESSID .

After logging the user in, subsequent requests need to be issued with a Cookie header containing the session ID. Before submitting each request, simply make sure that you re-use the CookieStore object that you used to log the user in (call AbstractHttpClient#setCookieStore on any new HttpClient instance).

Answer 4

essentially, you need to programmatically perform a post using the httpclient libs in android, pull the session cookie from the response (set-cookie headeR), and make sure to include that cookie in any subsequent requests to the server.

you can google for how to use httpclient to do a post, like this . here's an example of inserting a cookie into a request using httpclient. i'll let you read some javadocs / find some more examples to put it together.