Android and PHP - Do I need to use sessions?

Posted by jtnire on Stack Overflow See other posts from Stack Overflow or by jtnire
Published on 2012-03-21T23:19:31Z Indexed on 2012/03/21 23:29 UTC
Read the original article Hit count: 183

Filed under:

php-session

I have created an Android App that communicates with a PHP web server. They both send JSON to each other. My App is almost finished, however there is one thing left to do: authentication.

Since the user's username and password will be stored in Android SharedPreferences, is there any need to use PHP sessions, given that the user won't need to enter the username/password at every request?

Since I can just send the username and password in the HTTP POST header for every request, and that I will be using SSL, is this sufficient? I guess I could add an extra field in the header called 'random' that just adds a random value, just to use as a salt so that the encrypted SSL payload will be different everytime.

The reason why I don't want to use sessions is that my Android App would either have to handle cookies, or managed the storage of the session ID.

If there are some serious cons to using my method above, then I'm more than happy to use sessions, however all advice is appreciated.

Thanks

Related posts about php-session

How to secure a directory in Apache using a PHP session

as seen on Server Fault - Search for 'Server Fault'
I have a site that uses PHP session for authentication. There is one directory that I would like to restrict access to that does not use any PHP, it's just full of static content. I just don't know how to restrict access without every request going through a PHP script. Is there some way to have… >>> More
PHP Session variables not passing across pages

as seen on Stack Overflow - Search for 'Stack Overflow'
Common problem, but I'm stumped. Session variables are passing across pages on my local (localhost) deployment, but not on my (www) host. I use a common includes file for each page with this code: $sessionDomain = "/"; @ini_set("session.cookie_path",$sessionDomain); $sessionName = "ccSID".md5('/store/'); session_name($sessionName); session_start(); I… >>> More
Store domain model in PHP session

as seen on Stack Overflow - Search for 'Stack Overflow'
Is that a good practice to store the objects of the domain model in the PHP session ? This would enable to avoid to query and reconstruct every PHP object to each PHP request. Is there a size limit ? >>> More
PHP session starter detect for visitor counting

as seen on Stack Overflow - Search for 'Stack Overflow'
Is there a way to find out on session being started. Like for instance the session start event in the global.ascx file of .net. The requirement is to find the no. of visits the user has done on the site. Instead of checking each time during posts or gets to the server. Is there something in php… >>> More
PHP session not working with JQuery Ajax?

as seen on Stack Overflow - Search for 'Stack Overflow'
Update, Solved: After all this I found out that I was calling an old version of my code in the update ajax. 'boardControl.php' instead of 'boardUpdate.php' These are the kinds of mistakes that make programing fun. I'm writing a browser gomoku game. I have the ajax statement that allows the player… >>> More

Developer IT