Mobile Apps and Keeping the user logged in

I am starting to look at developing mobile apps. I was wondering if anyone had some suggestions on how to keep the user logged into the app once it has closed, so they would not have to log in again when the app starts again. I know something will have to be stored in the device's memory, but should it just store the session variable from the web API from when they logged in? Or something else?

Thanks in Advance,

Jon

  • I'm not sure officially what the persistence of the web session is, but at least as a first step, that would probably work. I have seen instances, especially during the checkout process, where the session needs to be transferred to maintain login status, cart state, etc., so there would probably need to be some handling as well to detect if the app *expects* the user to be logged in.

    There are also ways that you may be able to use login tokens through the API, or even something along the lines of a device registration, so that the user is guaranteed to only have to log in once from a specific device. Are you opposed to just storing the credentials in the device memory, and then logging in via SSL? Unless you want to have a persistent cart, session state, or something else stored in the API session, I'd say storing credentials, encrypted, on the device is relatively secure.

    Chris

  • Thanks Chris,

    Good ideas. I am not opposed to storing the credentials, but I would think that they could at some point become out of sync. That is, if the user goes to the website rather than the app and changes their password or login id.

    The idea of a device token of some sort to keep them logged in is interesting.

    Jon

     

  • If you go the device token route - you may still want to prompt for a password - what happens if the device is stolen? Will your app have 'autopay' functionality or will they be forced to always enter a credit card number?

    What about using Facebook Connect instead? - it's a little off topic but that does serve as a form of 'single sign on'. For anyone that doesn't have / want to use FBC, then they could just log in normally.

    Good luck!

  • Hi Nathan,

    Thanks for the response. I'm not sure if I want to store credit card info on the device; the main reason is that it can be stolen. I would think they have to enter the credit card info each time. I was thinking more of just keeping them logged in, so that if the user wanted to purchase tickets (re-enter credit card info), view orders or display ticket barcodes they would not have to log in again.

    The OpenID/OAuth stuff is interesting as well.

    Thanks,

    Jon
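
Added example, not part of the thread and not any poster's code: a minimal Python sketch of the server side of the device-token idea discussed above, covering the password-change and stolen-device concerns raised in the replies. `DeviceTokenStore`, its method names and the 300-second window are assumptions made for illustration.

```python
import hashlib
import secrets
import time

STEP_UP_WINDOW = 300  # assumed: seconds a password check stays fresh for purchases


class DeviceTokenStore:
    """In-memory stand-in for a server-side device-token table (hypothetical)."""

    def __init__(self):
        self._rows = {}  # sha256(token) -> record; the raw token is never stored

    @staticmethod
    def _key(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def _row(self, token, device_id):
        row = self._rows.get(self._key(token))
        return row if row and row["device"] == device_id else None

    def issue(self, user_id, device_id, now=None):
        """Call after a successful password login; the app stores only the token."""
        token = secrets.token_urlsafe(32)
        self._rows[self._key(token)] = {
            "user": user_id,
            "device": device_id,
            "password_checked_at": time.time() if now is None else now,
        }
        return token

    def authenticate(self, token, device_id):
        """Return the user id if the token is live on this device, else None."""
        row = self._row(token, device_id)
        return row["user"] if row else None

    def may_purchase(self, token, device_id, now=None):
        """Purchases need a recent password check, not just a live token."""
        row = self._row(token, device_id)
        now = time.time() if now is None else now
        return bool(row) and now - row["password_checked_at"] <= STEP_UP_WINDOW

    def revoke(self, user_id, device_id=None):
        """Drop one device's tokens (stolen phone) or all of a user's tokens
        (password or login id changed on the website)."""
        self._rows = {
            k: r for k, r in self._rows.items()
            if r["user"] != user_id or (device_id and r["device"] != device_id)
        }
```

Because the app holds a random token rather than the password, a password change on the website cannot leave stale credentials on the device; the server revokes the tokens and the app prompts for a fresh login.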
