What is a token?
A token is a string generated by the server that the client presents when making requests. On the first login, the server returns a token to the client; after that, the client only needs to bring the token when requesting data, without sending the username and password again.
Why tokens were introduced
Clients request data from the server frequently, and for each request the server has to query the database for the user name and password, compare them, decide whether they are correct, and respond accordingly. Tokens came into being against this background.
The purpose of using tokens
Tokens are designed to relieve the pressure on the server, reduce the frequency of database queries, and make the server more robust.
How do I use tokens?
There are two ways to use them:
Use the device number/device MAC address as the token (recommended)
Client: The client obtains the device's device number/MAC address when logging in and passes it to the server as a parameter.
Server: After the server receives the parameter, it stores it in a variable as the token, saves it in the database, and sets the token in the session. Every client request is intercepted in one place: the token passed by the client is compared with the token in the server-side session. If they are the same, the request is let through; if they differ, it is rejected.
Analysis: At this point the client and server share a unique identifier, the token, and each device has its own unique session. The disadvantage of this method is that the client has to send the device number/MAC address as a parameter and the server has to store it. The advantage is that the client does not need to log in again: after logging in once, it can keep using the token. Timeouts are handled on the server side. How? If the server's token has expired, the server simply looks up the token passed by the client in the database and assigns it to the token variable again, so that the token's timeout is restarted.
Use the session value as the token
Client: The client only needs to carry the user name and password to log in.
Server: The server receives the user name and password and, if they are correct, returns the locally obtained SessionID to the client as the token; after that, the client only needs to carry it when requesting data.
Analysis: The advantage of this approach is that it is convenient and no data needs to be stored; the disadvantage is that when the session expires, the client must log in again to access the data.
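The following added example (not code from the original article or from Git-OSC) sketches the server side of the second approach: a random token is issued after login, every request is checked against the stored value, and the timeout is restarted on each accepted request. The class name TokenStore, the 30-minute timeout and the in-memory map are assumptions, and the code needs Java 16 or later for records.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical server-side token store (added example, not Git-OSC code).
public class TokenStore {
    static final long TTL_MILLIS = 30 * 60 * 1000L; // assumed 30-minute idle timeout
    private static final SecureRandom RNG = new SecureRandom();
    private record Entry(String username, long expiresAt) {}
    // SHA-256(token) -> session entry: the raw token is never stored server-side
    private final Map<String, Entry> sessions = new ConcurrentHashMap<>();

    private static String sha256(String s) {
        try {
            byte[] d = MessageDigest.getInstance("SHA-256").digest(s.getBytes(StandardCharsets.UTF_8));
            return Base64.getEncoder().encodeToString(d);
        } catch (NoSuchAlgorithmException e) { throw new IllegalStateException(e); }
    }
    /** Call once, after the user name and password have been verified. */
    public String issue(String username, long now) {
        byte[] raw = new byte[32]; // 256 bits from a CSPRNG, not a device identifier
        RNG.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        sessions.put(sha256(token), new Entry(username, now + TTL_MILLIS));
        return token;
    }
    /** Interceptor check: returns the user name for a live token, or null to reject. */
    public String validate(String token, long now) {
        if (token == null) return null;
        String key = sha256(token);
        Entry e = sessions.get(key);
        // unknown or expired token: reject, the client has to log in again
        if (e == null || now > e.expiresAt()) { sessions.remove(key); return null; }
        sessions.put(key, new Entry(e.username(), now + TTL_MILLIS)); // restart the timeout
        return e.username();
    }

    public static void main(String[] args) {
        TokenStore store = new TokenStore();
        long t0 = System.currentTimeMillis();
        String token = store.issue("alice", t0); // constructed sample user
        System.out.println(store.validate(token, t0 + 1000));              // live token
        System.out.println(store.validate("guessed-value", t0 + 2000));    // never issued
        System.out.println(store.validate(token, t0 + 1001 + TTL_MILLIS)); // idle too long
    }
}
```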
Use of session and token in Git-osc:
Not long ago, when I was learning how sign-in works, I first came across tokens, but it was unclear to me how they worked; now I understand:
When the user logs in, the server returns a session that contains a token, and when the token is received, we need to save it.
The next time the user sends a request, it is not necessary to carry the user name and password, which reduces the burden on the server; the request only needs to carry the token and the parameters it requires.
So far, I have cleared up a few questions:
- Before studying the source code, I did not understand what the token was for; now I understand.
- When I read the source code before, there were many calls to GetToken that I did not understand at the time; now I understand.
- In data requests, a token parameter was always appended to the parameters; I did not understand that at the time, and now I understand.
/**
 * User login; saves the private token.
 *
 * @param appContext application context
 * @param userEmail  the user's e-mail address
 * @param password   the user's password
 * @return GitlabUser user information
 * @throws AppException
 */
public static User login(AppContext appContext, String userEmail, String password) throws AppException {
    String urlString = URLs.LOGIN_HTTPS;
    // POST the credentials and map the response onto a Session object
    Session session = getHttpRequestor()
            .init(appContext, HTTPRequestor.POST_METHOD, urlString)
            .with("Email", userEmail)
            .with("Password", password)
            .to(Session.class);
    // Save the user's private token
    if (session != null && session.get_privateToken() != null) {
        String token = CyptoUtils.encode(GITOSC_PRIVATE_TOKEN, session.get_privateToken());
        appContext.setProperty(PRIVATE_TOKEN, token);
    }
    return session;
}
Resources
How the Android client and server use token and session
Copyright notice: This is an original article by the blogger and may not be reproduced without the blogger's permission.
Token in interaction between Android client and server